US DoJ Announced Disruption of KV-Botnet targeted at Hacking US Critical Infrastructure

US DoJ Announced Disruption of KV-Botnet targeted at Hacking US Critical Infrastructure

The United States Department of Justice has announced that they, in joint work with several businesses, and law enforcement agencies have identified and disrupted the KV-Botnet malware created by the  People’s Republic of China (PRC) state-sponsored hackers. The KV-Botnet exploited known vulnerabilities in older routers from Cisco, NetGear, and others to perform targeted attacks on US critical infrastructure via IIoT devices. The KV-Botnet Malware is only resident in local memory and can be removed by simply rebooting the router. 

It is no surprise that Nation State adversaries are pre-positioning themselves to disrupt critical infrastructure. Russia and Ukraine have both deployed BOT armies to invoke DDOS attacks on not only political information websites, but airports, maritime facilities and other critical infrastructure.

CISA’s announcement and publication of the latest Chinese state sponsored attack highlights the PRC’s interest in taking command and control of critical infrastructure in the event of hostilities.

When reviewing defense in depth approaches, Software Defined Networking (SDN) brings substantial capabilities to defending against these types of attacks. By controlling what devices are allowed to communicate on your network, what protocols are allowed, and what access/egress points are approved, SDN brings capabilities that legacy networking approaches, such as firewalls, cannot.

SDN can harden networks by:

  • Blocking unapproved protocols and devices from entering the network (important in DDOS attacks)
  • Preventing devices from communicating outside the approved network zones and conduits (ransomware and malware often phone home to initiate command and control of the targeted network)
  • Limiting the blast radius on intrusions via micro-segmenting the network
  • Defending against east-west maneuvering across the network by adversaries

 

If you would like to have a conversation about how to HARDEN your network infrastructure, please reach out to me at [email protected]

Share

You Might Also Like...

DISTRIBUTECH International 2024

DISTRIBUTECH International, held February 26-29 in Orlando, Florida, is a premier annual event for transmission and distribution. This year’s event promises to showcase the latest in

Read More
IT Support by SADOSSecure, Fast Hosting for WordPress

Subscribe to Our
Newsletter

Subscribe now to receive expert insights, latest cybersecurity news, and practical tips to protect your business from evolving threats.