A Salt Typhoon wake-up
A vulnerability had a rare maximum severity score, but went unpatched
Chinese-state-backed hackers spent months inside America’s largest telecom networks, reading private messages from government officials and accessing law enforcement wiretap requests. The Salt Typhoon attacks compromised AT&T, Verizon, Charter and others by exploiting unpatched Cisco router vulnerabilities – vulnerabilities that were discovered and had patches released by the manufacturer up to seven years ago. Not only this, but among the vulnerabilities, one had a rare National Institute for Standards and Technology (NIST) severity score of ten – the very highest priority according to NIST’s calculus of what should be addressed.
As far as bottom-line relevance, first, there is a documented connection between the attack methods at the highest levels and cybercrime operations that go after businesses of all sizes; the heavy-hitters clear the paths that others imitate. But these breaches also reveal patterns that can teach us how to improve our defenses … [4 min. read]