US DoJ Announces Disruption of KV-Botnet Targeting US Critical Infrastructure
The United States Department of Justice has announced that, working jointly with several businesses and law enforcement agencies, it has identified and disrupted the KV-Botnet malware created by People's Republic of China (PRC) state-sponsored hackers. The KV-Botnet exploited known vulnerabilities in older routers from Cisco, NetGear, and others to perform targeted attacks on US critical infrastructure via IIoT devices. The KV-Botnet malware is resident only in local memory and can be removed by simply rebooting the router.
It is no surprise that nation-state adversaries are pre-positioning themselves to disrupt critical infrastructure. Russia and Ukraine have both deployed bot armies to launch DDoS attacks not only on political information websites, but on airports, maritime facilities, and other critical infrastructure.
CISA's announcement and publication of the latest Chinese state-sponsored attack highlights the PRC's interest in taking command and control of critical infrastructure in the event of hostilities.
When reviewing defense-in-depth approaches, Software Defined Networking (SDN) brings substantial capabilities to defending against these types of attacks. By controlling which devices are allowed to communicate on your network, which protocols are allowed, and which access/egress points are approved, SDN provides capabilities that legacy networking approaches, such as firewalls, cannot.
SDN can harden networks by:
- Blocking unapproved protocols and devices from entering the network (important against DDoS attacks)
- Preventing devices from communicating outside the approved network zones and conduits (ransomware and malware often phone home to initiate command and control of the targeted network)
- Limiting the blast radius of intrusions by micro-segmenting the network
- Defending against east-west movement across the network by adversaries
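To make the four points above concrete, here is an added example (not code from the original post or any SDN product) of the default-deny policy logic an SDN controller would enforce: only registered devices may talk, traffic crosses zones only over explicitly approved conduits, and the internet is reachable only from an approved egress point. The zones, addresses, device names and conduits are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed example policy. Zones are address ranges; conduits are the only
# permitted zone-to-zone paths (zones-and-conduits model); everything else is denied.
ZONES = {
    "ot": ip_network("10.10.0.0/24"),
    "it": ip_network("10.20.0.0/24"),
    "egress": ip_network("10.99.0.0/24"),  # the one approved internet egress point
}
# Registered devices keyed by IP (a real controller would key on switch port or MAC).
REGISTERED = {"10.10.0.5": "plc-1", "10.10.0.9": "plc-2",
              "10.20.0.7": "hmi-1", "10.99.0.1": "proxy-1"}
# Conduits: (source zone, destination zone) -> allowed (protocol, port) pairs.
# No intra-zone conduit is defined, so east-west traffic inside a zone is denied too.
CONDUITS = {
    ("it", "ot"): {("tcp", 502)},      # HMI may poll the PLC over Modbus/TCP only
    ("it", "egress"): {("tcp", 443)},  # IT hosts reach the internet via the proxy only
}

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    dport: int

def zone_of(ip):
    """Map an address to its zone; anything outside all zones is 'external'."""
    addr = ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "external"

def decide(flow):
    """Default-deny evaluation of one flow; returns (verdict, reason)."""
    if flow.src not in REGISTERED:
        return ("deny", "unregistered source device")
    src_zone, dst_zone = zone_of(flow.src), zone_of(flow.dst)
    if dst_zone == "external":
        if src_zone == "egress":
            return ("allow", "approved egress point")
        # This is the phone-home case: a compromised device trying to reach C2 directly.
        return ("deny", f"zone {src_zone!r} may not reach the internet directly")
    allowed = CONDUITS.get((src_zone, dst_zone), set())
    if (flow.proto, flow.dport) not in allowed:
        return ("deny", f"no conduit {src_zone}->{dst_zone} for {flow.proto}/{flow.dport}")
    return ("allow", f"conduit {src_zone}->{dst_zone}")
```

Every deny reason is worth logging: a registered OT device suddenly attempting direct internet egress is exactly the signal a memory-resident implant like KV-Botnet produces when it tries to check in.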
If you would like to have a conversation about how to HARDEN your network infrastructure, please reach out to me at [email protected].