Addressing the “Volt Typhoon” Cybersecurity Threat: A Call to Action for Financial Institutions

newsblop


A New Era in Cyber Threats: Living Off the Land

The cybersecurity landscape is facing a critical turning point as financial institutions grapple with increasingly sophisticated hacking techniques. One of the most concerning developments is “Living Off the Land,” a strategy where cybercriminals exploit privileged access credentials and the legitimate tools already present on a system, rather than custom malware, to infiltrate and operate unnoticed. These attackers embed themselves within networks, often lying dormant until the perfect moment to strike.

This shift in hacking tactics requires a fresh approach to cybersecurity, with a renewed focus on Privileged Access Management (PAM). The days of relying on traditional IT security measures are over; it’s time for organizations to act decisively to safeguard their systems.


Meet the Threat: “Volt Typhoon”

At the heart of this evolving cyber threat is “Volt Typhoon,” a state-sponsored hacking group linked to the People’s Republic of China (PRC). This group has been targeting critical infrastructure—including financial systems, communication networks, and energy grids—with the goal of causing widespread disruption when it suits their strategic interests.

Although the group’s activities were only uncovered in 2023, evidence shows they have been operating undetected since at least 2021. Their ability to remain invisible for extended periods underscores the importance of proactive and robust cybersecurity measures.


CISA’s Core Recommendations: Getting Back to Basics

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has emphasized the importance of fundamental cybersecurity practices to counter threats like Volt Typhoon. Their recommendations include:

  1. Regular Patching: Address vulnerabilities immediately to prevent exploitation.
  2. Multi-Factor Authentication (MFA): Enforce MFA across all accounts to bolster security.
  3. Enhanced Logging: Increase log retention periods and closely monitor administrative activities.
  4. End-of-Life (EOL) Management: Identify and replace unsupported or outdated software and systems.

While these practices are not new, gaps in how they are implemented have given attackers room to operate. For example, many organizations retain logs for only short periods, creating blind spots that hackers can use to evade detection. Closing these gaps is critical to mitigating risk.

CISA Director Jen Easterly put it plainly during her January 2024 testimony to Congress:

“This threat is not theoretical. It is both real and urgent… What we’ve uncovered is likely just the beginning.”


Industry Collaboration Is Key

Defending against advanced threats like Volt Typhoon requires collaboration between industry leaders and regulators. As agencies such as the DFPI work to ensure CISA’s recommendations are being implemented effectively, a particular focus on vendor management is crucial.

Third-party vendors, like Managed Service Providers (MSPs), often require elevated access to systems, making them a potential weak point. Strengthening oversight and control of these relationships is a vital step in reducing exposure to cyber threats.


Cybersecurity Requires Immediate Action

The rise of Volt Typhoon underscores the urgency of enhancing cybersecurity measures across the financial sector. This is not a theoretical issue—it’s a pressing threat that demands immediate attention. Strengthening privileged access management, implementing CISA’s recommendations, and fostering industry-regulator collaboration are essential steps to safeguard critical infrastructure.

By addressing these vulnerabilities today, financial institutions can position themselves to stay ahead of emerging threats in the future.
