Return to list of client alerts
Microsoft has warned that Chinese state sponsored spies HAVE GAINED ACCESS to U.S. critical infrastructure.
They also said that the hacking group they call Volt Typhoon has attempted to access companies in the “communications, manufacturing, utility, transportation, construction, maritime, government, information technology and education sectors”.
That pretty well covers everyone.
They say that the goal is to perform espionage and stay undetected for as long as possible.
To my knowledge, the “longest” that this has happened in the past was 12 years.
The objective is to be able to detonate an attack at will, with the click of a mouse, when the time is right.
In the 12 year case above, when it did detonate, the company had to file for bankruptcy and was sold for scrap at fire-sale prices.
This comes at a time when the U.S. has banned more than a thousand Chinese companies from doing business in the U.S. and China has banned U.S. chipmaker Micron. While I am sure that Micron would like to sell their chips in China, that ban has far less impact than our ban on a thousand Chinese companies.
What this means is that you should assume that we are in a state of cyberwar and to use the Pentagon’s nomenclature, consider this to be Defcon 3 (Yellow) or Defcon 2 (Red) status. It means that the likelihood of an attack is high and that businesses should be prepared for that.
In addition, if the Chinese are really inside our critical infrastructure and have the ability to disrupt it (like what happened with the Colonial Pipeline attack), businesses need to be ready to implement their business continuity and disaster recovery plans.
If you assume that your third party service providers will be standing by ready and able to assist you, let me remind you of a recent event that may change your mind. OVH, the European version of AWS, had a fire at their Strasbourg, France, data center that completely destroyed their SBG2 data center building and seriously damaged SBG1 and SBG3, including all telecommunications into and out of the site. The CEO of OVH held a press conference and said that he recommended, to the hundreds of thousands of companies that were hosted there, that they implement their disaster recovery plans. Meaning, of course, you are on your own, good luck. While they worked hard to accommodate customers over the next weeks and months, they have no responsibility or liability to do so. You can find more information on this 2021 fire here or on Google.
We know that no one wants to deal with this, but, the moral here is that you are responsible for your own disaster recovery and business continuity plans and if you are not comfortable that you could quickly and effectively recover from an unplanned outage of a key supplier OR THAT YOU COULD DETECT IF AN ADVERSARY SUCCESSFULLY PENETRATED YOUR ENVIRONMENT, please contact us for help.
Credit: The Record