The U.S. intelligence community continues to monitor Chinese activities carefully as the National Security Agency today released a list of 25 common vulnerabilities and exposures known to have been recently leveraged or scanned by Chinese state-sponsored cyber actors for hacking operations.
The Homeland Security Department's Cybersecurity and Infrastructure Security Agency encourages security teams to prioritize the immediate patching of the CVEs in NSA’s advisory and to review CISA’s Alert "Potential for China Cyber Response to Heightened U.S.–China Tensions," which details potential cyber responses to heightened tensions between the United States and China. It also offers tactics and techniques and recommended mitigations to cybersecurity teams responsible for protecting critical infrastructure.
The NSA’s advisory recommends security teams take the following six steps:
- Keep systems and tech products updated and patched as soon as patches are released.
- Expect that patching will not undo the theft or modification of data that occurred before the device was patched, which makes password changes and account reviews a good practice.
- Disable external management capabilities and set up an out-of-band management network.
- Block obsolete or unused protocols at the network edge, and disable them in device configurations.
- Isolate internet-facing services in a network DMZ to reduce the exposure of the internal network.
- Enable robust logging of internet-facing services and monitor the logs for compromises.