Severity
High
Analysis Summary
The National Telecommunication and Information Technology Security Board (NTISB) has issued a warning to government departments regarding the use of Indian/Israeli IT-related products and services. The advisory highlights the potential cyber threats associated with these products and services, especially in critical information infrastructure (CII). While these solutions may appear to be cost-effective, there is a concern about the presence of backdoors or malware that could compromise cybersecurity.
The NTISB emphasizes that several incidents in the public sector have revealed the involvement of India-based threat actors, leading to service disruptions, data loss, and reputational damage for the affected organizations. To mitigate these risks, the advisory suggests that federal departments protect their businesses and critical data by avoiding the procurement of IT hardware solutions from these countries, in accordance with the existing ban imposed by the Commerce Division.
Additionally, the NTISB recommends against procuring IT security solutions, such as intrusion detection and prevention systems, security information and event management, extended detection and response, mobile device management, and DDoS mitigation solutions from these countries or their partners, due to the potential presence of backdoors or malware.
Organizations are advised to discontinue the use of online software solutions and transition to alternative offline solutions to ensure business continuity. Offline solutions should be used with formal acceptance of the associated risks, without applying updates/patches or connecting them to the internet.
The NTISB further states that vendors/OEMs should provide a certificate guaranteeing the absence of backdoor eavesdropping or remote access mechanisms. Failure to identify unauthorized access or data leakage may result in contract cancellation and blacklisting of the firm. Service level agreements (SLAs), if applicable, should include security clauses to safeguard businesses and critical data.
For critical information infrastructure, code walkthroughs and comprehensive security assessments should be conducted through PTA-approved auditing firms. Random penetration testing should also be carried out to ensure the effectiveness of security measures.
The advisory emphasizes that all government organizations have a responsibility to implement cybersecurity measures in their respective domains and should adopt a cautious approach to mitigate potential risks.
Recommendations
- Search for indicators of compromise (IOCs) in your environment using your respective security controls.
- Maintain cyber hygiene by updating your anti-virus software and implementing a patch management lifecycle.
- Enable antivirus and anti-malware software and update signature definitions in a timely manner. Multi-layered protection is necessary to secure vulnerable assets.
- Conduct a comprehensive risk assessment of existing IT products and services. Evaluate the potential security risks and consider alternative solutions if necessary.
- Perform thorough due diligence when selecting vendors for IT products and services. Assess their reputation, track record, security practices, and transparency regarding the absence of backdoors or remote access mechanisms. Request and verify certificates guaranteeing the absence of such mechanisms.
- Strengthen cybersecurity measures within government departments, especially for critical information infrastructure (CII). Implement robust security controls, including intrusion detection and prevention systems, security information and event management, extended detection and response, mobile device management, and DDoS mitigation solutions from trusted sources.
- Conduct regular security audits and penetration testing of critical information infrastructure through approved auditing firms. These assessments will help identify vulnerabilities, detect potential threats, and ensure the effectiveness of security measures.
- Implement continuous monitoring mechanisms to detect any unauthorized access, anomalies, or malicious activities. Regularly review and enforce compliance with security policies, procedures, and guidelines within government departments.