While satellite communications are convenient, they are also prone to malicious intrusions. Recently, the US CISA ad FBI have warned the same as they suspect cyber threats to SATCOM networks.
Alerts Issued For SATCOM Cyber Threats
In a recent advisory of the US CISA, the organization has warned SATCOM networks to remain wary of cyber threats.
As elaborated, CISA and FBI suspect serious cybersecurity risks to the international satellite communication (or SATCOM) networks. Given the users’ reliance on these communication means, any malicious intrusions against these networks can impart detrimental consequences.
Given the current geopolitical situation, CISA’s Shields Up initiative requests that all organizations significantly lower their threshold for reporting and sharing indications of malicious cyber activity.
Currently, the advisory doesn’t specifically explain the kind of threats organizations have found. But the ongoing turmoil and the subsequent cybersecurity incidents in the wake of the Ukraine-Russia conflict may have generated alarms. One such incident is the attack on KA-SAT network that caused satellite network outages in parts of Europe.
ℹ️ Update: Satellite operator Viasat’s KA-SAT network in Europe remains heavily impacted 18 days after it was targeted by an apparent cyberattack, one of several incidents observed as Russia launched its invasion of Ukraine on the morning of 24 Feb 🛰
📰 https://t.co/S0qJQ7CbNv pic.twitter.com/nLNlquYQF9
— NetBlocks (@netblocks) March 15, 2022
CISA and FBI urge SATCOM network providers to enhance their security statuses.
CISA and FBI strongly encourages critical infrastructure organizations and other organizations that are either SATCOM network providers or customers to review and implement the mitigations outlined in this CSA to strengthen SATCOM network cybersecurity.
Recommended Mitigations
The advisory also lists some mitigation strategies that the firms and customers can adopt to alleviate the probabilities of damages.
Briefly, the organizations urge the network providers to deploy “additional monitoring at ingress and egress points” to detect anomalous traffic. Such measures include detecting remote access tools, unexpected network traffic destinations, monitoring overall traffic flow, unauthorized use of backups, and brute force attempts.
Whereas, the customers (and the networks) should ensure applying basic security best practices, such as using strong passwords, MFA logins, minimizing access to unnecessary privileges, and implementing encryption.