The end of the year is a good time to ensure you’re prepared for new threats
Review your access technology and ensure that phishing-resistant multifactor authentication is used in your environment. In business settings, ensure you use hardware-based multifactor authentication, such as PKI or FIDO.
Attackers have targeted and exploited Cisco hardware and software in several attacks. Specifically, CISA recommends that you disable all services and technologies you are not explicitly using in your environment. In addition, it's recommended to disable various Cisco services, such as the following:
- Disable Cisco’s Smart Install service.
- Disable guest shell access.
- Disable all non-encrypted web management capabilities.
- Ensure that web servers, if used, are set up with encrypted SSL connections.
- Only enable web management if required.
- Disable telnet and ensure it’s not enabled on any Virtual Teletype (VTY) lines.
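The checklist above can be checked against a saved device configuration. The following is an added example, not code from the article or from CISA: it assumes IOS/IOS XE-style `show running-config` text, treats a missing `no vstack` line as Smart Install needing verification, and treats the `iox` global command as the prerequisite for Guest Shell. The sample configuration and hostname are constructed.

```python
import re

# Constructed sample running-config (not from a real device).
SAMPLE_CONFIG = """\
hostname edge-sw-01
iox
ip http server
ip http secure-server
line vty 0 4
 transport input telnet ssh
line vty 5 15
 transport input ssh
"""

def audit(config):
    """Return one finding per checklist item the configuration fails."""
    lines = [l.rstrip() for l in config.splitlines()]
    # Global (unindented) commands; indented lines belong to a sub-mode.
    top = {l for l in lines if l and not l.startswith(" ")}
    findings = []
    # Assumption: Smart Install is on by default where supported, so only
    # an explicit 'no vstack' proves it is disabled.
    if "no vstack" not in top:
        findings.append("smart-install: 'no vstack' not present")
    # Assumption: Guest Shell needs IOx, enabled by the global 'iox' command.
    if "iox" in top:
        findings.append("guestshell: 'iox' is enabled")
    if "ip http server" in top:
        findings.append("http: unencrypted 'ip http server' is enabled")
    if "ip http secure-server" in top:
        findings.append("https: web management enabled, confirm it is required")
    # Walk each 'line vty' block and flag transports that permit telnet.
    current = None
    for l in lines:
        if not l.startswith(" "):
            current = l if l.startswith("line vty") else None
        elif current:
            m = re.match(r"\s+transport input (.+)", l)
            if m and {"telnet", "all"} & set(m.group(1).split()):
                findings.append(f"telnet: {current} allows '{m.group(1)}'")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

A VTY block with no `transport input` line is not flagged here because the default transport differs between releases; review those blocks by hand.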
This is not the first, nor will it be the last, warning about threat groups supported by the People’s Republic of China targeting government and businesses. In February 2024, CISA released its advisory on Volt Typhoon and the APT’s ability to target and perform pre-compromise reconnaissance.