The FBI and the Cybersecurity & Infrastructure Security Agency (CISA), along with the U.S. National Security Agency and other international partners, recently released a cybersecurity advisory (CSA) about a group of bad actors known as BlackTech.
The advisory describes how BlackTech conducts its operations and the need for organizations to review their information security systems. Below are a few key takeaways from the CSA. For the full advisory, visit the CISA website.
How BlackTech Targets Organizations
BlackTech is using custom malware, dual-use tools, and various “living off the land” tactics to conceal operations and compromise routers. Specifically, BlackTech actors have compromised several Cisco routers—this advisory is not solely limited to Cisco routers, as similar tactics could be used with other equipment.
Using a variety of techniques, BlackTech is able to hide its presence on the system. These include installing backdoors, for example by using the router’s CLI to replace the router’s IOS firmware image, as detailed in the advisory.
Key Takeaway: Take intentional time to examine your organization’s information technology detection capabilities and flag any suspicious connections.
Be Sure You Are Monitoring Your Data Flow
The CSA gives some examples of mitigation practices to help defend against BlackTech’s malicious activity.
It is critically important that our clients and prospects monitor the flow of network traffic, both internal and external. The CSA suggests blocking unauthorized outbound connections from network devices and placing admin systems in separate virtual local area networks (VLANs).
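The allowlist approach the CSA recommends can also be turned into a detection check. The example below is added here and is not code from the advisory or from FORVIS: it reads constructed flow-log lines and flags any connection that originates from a network device and is not on an allowlist of expected destinations, marking destinations outside an assumed internal range as external. The device addresses, allowlist and internal range are hypothetical.

```python
import ipaddress

# Constructed sample flow-log lines (not real data): "src dst dport proto"
SAMPLE_FLOWS = """\
10.0.0.1 10.0.50.5 514 udp
10.0.0.1 10.0.50.6 123 udp
10.0.0.2 203.0.113.77 443 tcp
10.0.0.2 10.0.50.5 514 udp
10.0.0.3 198.51.100.9 22 tcp
10.0.0.1 10.0.50.7 443 tcp
"""

# Assumed management addresses of the routers and switches in scope
NETWORK_DEVICES = {ipaddress.ip_address(a) for a in ("10.0.0.1", "10.0.0.2", "10.0.0.3")}

# Assumed allowlist: the only outbound (destination, port, protocol) tuples a
# network device should ever open, here syslog and NTP on the admin VLAN
ALLOWED = {("10.0.50.5", 514, "udp"), ("10.0.50.6", 123, "udp")}

# Assumed internal address space; anything else is treated as external
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]


def parse_flow(line):
    src, dst, port, proto = line.split()
    return ipaddress.ip_address(src), dst, int(port), proto.lower()


def unauthorized_outbound(flow_text):
    """Return flows sourced from a network device whose destination is not allowlisted."""
    findings = []
    for raw in flow_text.splitlines():
        if not raw.strip():
            continue
        src, dst, port, proto = parse_flow(raw)
        if src not in NETWORK_DEVICES:
            continue  # hosts other than network devices are out of scope here
        if (dst, port, proto) in ALLOWED:
            continue  # expected management traffic
        external = not any(ipaddress.ip_address(dst) in net for net in INTERNAL_NETS)
        findings.append({"src": str(src), "dst": dst, "port": port,
                         "proto": proto, "external": external})
    return findings


if __name__ == "__main__":
    for f in unauthorized_outbound(SAMPLE_FLOWS):
        where = "EXTERNAL" if f["external"] else "internal"
        print(f"ALERT {f['src']} -> {f['dst']}:{f['port']}/{f['proto']} ({where}, not allowlisted)")
```

Both unexpected internal destinations and external ones are reported, since the advisory's concern covers traffic in both directions.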
Key Takeaway: Consider the processes your organization currently has in place to monitor your systems. Where are there gaps in your systems? Where can you improve your cybersecurity posture?
Here to Help
Our cybersecurity team at FORVIS has multiple tools that can help you monitor your systems, simulate a ransomware attack, and more. After reviewing the CSA, please reach out to a professional at FORVIS.