Preparing For A South China Sea Cyber Storm

Uploaded on 2024-07-04 in NEWS-Cybersecurity News, INTELLIGENCE-Hot Spots-China, GOVERNMENT-Defence, FREE TO VIEW

As tensions between China and the US heat up, strategic moves are gaining traction that will inevitably have repercussions on the Western world for generations.

However, the world must be aware that as the geopolitical landscape continues to fracture, cyberspace will almost certainly act as a second front for nation states to achieve their agendas, potentially impacting global businesses across the industry spectrum.

The perceived threat posed by Beijing is manifested by the territorial disputes between China with both Japan and the Philippines respectively, with the former regarding the Senkaku Islands in the East China Sea and the latter pertaining to Second Thomas Shoal, located close to the coast of the Philippine Island of Palawan. Taiwan also plays a critical role with China bent on reunification with the island.

However, Beijing cannot realistically invade Taiwan without encountering the Philippines or Japanese bases. Why?

Primarily because there is a proximity of less than a few hundred miles of water separating Philippine and Japanese territory from Taiwan. Further, both the Philippines President Ferdinand Marcos Jr and the Japanese Prime Minister Fumio Kishida have publicly stated that peace in Taiwan is essential to their respective national security postures.

Has China United A Tri-Lateral Faction?

US President Joe Biden and his counterparts, Kishida and Marcos Jr., held the first-ever U.S.-Japan-Philippines trilateral summit on April 11th, highlighting the importance of the US Indo-Pacific Strategy, with the leaders pledging to pursue a free and open Indo-Pacific “for decades to come.”

A recently formed trilateral US-Japan-Philippines relationship is not the only faction threatening Chinese interests these days as the US, Japan and South Korea have also enhanced their defense cooperation; whilst Tokyo is strengthening security ties with the Southeast Asian thorn in the side of Beijing, that is Vietnam.

An Artificial Chinese Response?

The current Biden administration will likely view this new partnership as a method of withstanding potential leadership changes in the upcoming US Presidential Election in November. However, we have assessed that this will likely face serious challenges from cyber actors across the Far East.

Beijing’s increasing interest in the Taiwan Strait will likely result in surging Chinese state cyber actor operations throughout the period leading up the November 5th US Presidential Election as a potential conflict in the region could be influenced by Washington’s desires to preserve stability in the area.

We have assessed that aggressive social media disinformation operations will likely target US businesses and government officials to shape the global information domain in favor of Chinese interests.

These nation state-level offensive protocols will likely impact the technology sector with China demonstrating increasing levels of sophistication including the incorporation of generative artificial intelligence (GenAI) technologies, that would allow for scaled campaigns, resulting in social tensions and the erosion of confidence in US-based establishments.

Impacted Western Sectors

As China inches closer to its intelligence gathering objectives, its state actors have pivoted to a more destructive posture by launching cyber-attacks, including a recent Volt Typhoon operation, against US-based critical national infrastructure and military assets in what we have assessed to likely be a pre-positioned attack against Western infrastructure as a precursor for any potential military conflicts with Washington and to disrupt communications between the US and its allies within East Asia, including Taiwan and Japan. This could potentially deter US military engagements by delaying US decision making, inducing societal panic, and interfering with the deployment of US forces.

We have assessed that these offensive efforts will likely spill over into the education, energy, finance, government, and healthcare, as well as the aerospace and defense verticals.

Defense Strategies

Based on the attack chain that we have detected to have been incorporated by Chinese sponsored cyber forces, the Quorum Cyber Threat Intelligence team strongly recommends that organizations implement the following defensive measures to strengthen operational resilience:

Initial Assessment

Assess the organization’s current security posture and implement Cybersecurity Performance Goals (CPGs) to bolster resilience.

Establish a baseline normal host behavior and user activity to detect anomalous activity on endpoints when reviewing logs.

Mitigate Risk

Prioritize mitigation of Known Exploited Vulnerabilities (KEV)[2], including the top Common Vulnerabilities and Exposures (CVEs) leveraged by Chinese state actors.

Prioritize logging (e.g., command-line interface “CLI”) and close and/or monitor high-risk ports (e.g., Remote Desktop Protocol, Server Message Block).

Establish the principle of least privilege by isolating privileged administrator actions and locations to a manageable subset of locations, where effective baselines can be established.

Craig Watt is a Threat Intelligence Consultant at Quorum Cyber

Image: Ideogram

You Might Also Read:

Cyber Aftermath From The Airstrike On Syria’s Iranian Consulate:

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.