Volt Typhoon Takedown Highlights Critical Infrastructure Security Complexities
February 22, 2024 – Published on Nexus
Experts say the disruption of a botnet operated by the Volt Typhoon threat actors, through a collaborative mix of federal agencies and private cybersecurity firms, highlights the complexities of protecting the U.S. critical infrastructure in similar situations and provides a template for future actions.
The botnet, built on the KV malware, resided on infected, end-of-life small office/home office networking gear. The attacks exploited the vulnerabilities CVE-2019-1652 and CVE-2019-1653 to compromise these devices. The botnet targeted critical infrastructure within the communications, energy, transportation, and water sectors. The botnet takedown, the research behind it, and its critical infrastructure targets highlight the challenges the world faces in defending against such threats, as well as the private industry/government collaboration that is necessary to succeed. Still, more work needs to be done to lay the foundation for future success.
Christopher Warner, senior security consultant, OT-GRC at GuidePoint Security, agrees the complexities are high. “Private organizations own and operate over 75% of our nation’s critical infrastructure, which provides electricity, water, oil and gas, food and beverage plants, emergency services, hospitals, and more. These organizations have limited resources dedicated to maintaining operational technology/industrial control systems, typically without any or limited downtimes for maintenance or patching,” says Warner.
“OT/ICS systems can be very complex, and the knowledge and expertise engineers need to maintain these systems add more resource constraints in finding qualified personnel on these systems, let alone [those with] knowledge of security,” Warner adds.