How to mitigate advanced persistent threats (APT) like Volt Typhoon

Mitigating conventional cyber threats is already hard enough. Protecting against advanced persistent threats (APT) can make security even more of a challenge.

The silver lining? You don’t need to change your security stance. In most cases, you can build on your existing security strategies for more comprehensive protection. Here’s how to mitigate APTs in your org.

Want all of the insights? Learn the preventative measures you can take to protect your org from Volt Typhoon and other APTs.

Like the name suggests, advanced persistent threats aren’t your run-of-the-mill cyber attacks. These complex attacks require careful planning and are designed for threat actors to gain access to a system and remain undetected for prolonged periods of time. 

The goal of these attacks varies, but they typically aim to obtain information and use it for financial gain. As a result, large tech organizations, financial institutions, and government agencies tend to be particularly at risk for APT attacks.

One example of an advanced persistent threat group is Volt Typhoon. Volt Typhoon, also known as Insidious Taurus or Bronze Silhouette, is a China-based threat actor group. By exploiting vulnerabilities in public-facing edge devices (think routers and firewalls), they can gain access to organizations’ IT networks and obtain credentials. They’ve gone undetected for years because of their use of LOLBins, living off the land (local) binaries, or local binaries.

Learn more about Volt Typhoon and how to protect your organization:

• Advanced Persistent Threat Brief: Volt Typhoon

• Volt Typhoon: Preventative Control

• Security Hot Takes: Critical Infrastructure Advisory-Volt Typhoon

The best way to protect your organization from advanced persistent threats is with advanced persistent training. That starts with raising awareness about APTs, learning their warning signs, and knowing how to identify suspicious activity in your systems.

Defending your organization from APTs starts with a strong security foundation. All IT professionals should earn security certifications. Non-technical employees should have basic security knowledge and understand their role in preventing phishing, social engineering, and other cyber threats.

But you don’t want a cyber attack to be the first time your security professionals face a threat head-on. Provide hands-on labs and sandboxes for pros to gain experience identifying and protecting against simulated attacks.

Learn how to solve the cybersecurity skills gap.

Advanced persistent threats are designed to lay low so threat actors can gather sensitive information over time. Because of this, APTs can be hard to detect. In fact, the average dwell time for advanced persistent threats is 180 days. Threat actors are spending six months in networks through the use of LOLBins!

Local binaries rarely raise an alert, but if you know what to look for, you can detect them. Knowing the potential APT warning signs is key to spotting them faster:

• Unexpected data operations (such as large data transfers) 

• Unusual access or permission changes

• Increased spear phishing and Trojan horse attacks

• Use of administrative tools at the command line

Once threat actors like Volt Typhoon gain initial access to your network, they attempt to gather and transfer data using the command line.

That’s why it’s so important to log and monitor command line activity. Create filters and alerts for suspicious command line activity like unauthorized scripts or accessing or using admin tools at odd times during the day.

Application whitelisting refers to creating a list of trusted applications and scripts. Only those you approve are allowed to run in your systems, preventing unauthorized or harmful activity.

Advanced persistent threats often take advantage of the latest vulnerabilities. Staying up to date with the threat and vulnerability landscape can help you defend against APTs. As threats evolve, make sure your security policies take into account the latest attacks and security best practices. 

Tools like the National Vulnerability Database allow you to find and fix vulnerabilities. Search for the systems and software you use, see if there are any known vulnerabilities for them, and then determine whether you can patch them.

Explore the 6 best cybersecurity tools to prevent cyber attacks.

Strengthening or enhancing your existing security posture is one of the best ways to mitigate APTs. Make sure your security strategy includes these practices:

• Patch vulnerabilities: Regularly check for vulnerabilities and patch them as soon as possible to remove potential entry points for threat actors.

• Set strong access control: Use comprehensive identity and access management, including role-based access and multi-factor authentication.

• Use anti-phishing tools: APTs may use phishing, especially spear phishing, to gain a foothold in your networks. Anti-phishing tools can filter suspicious emails and add an extra layer of security.

Explore more ways to prevent APT attacks.

Whether it's Volt Typhoon or another threat, when it comes to preventing advanced persistent threats, a Zero Trust approach will never steer you wrong. Strengthen your security fundamentals, stay up to date with the latest attacks (within reason), and always verify activity, identity, and authorization before granting access.

Discover more ways to defend your org from Volt Typhoon and other APTs.

Short on security skills in your org? Learn how to solve the cybersecurity skills gap.