Security Tech That Can Make a Difference During an Attack www.darkreading.com/cybersecu…

When the FBI contacted Massachusetts-based Littleton Electric Light and Water Departments (LELWD) about Volt Typhoon, the small public utility was not aware the Chinese attack group had already been in the company’s network for more than 300 days.

While the utility had security controls protecting the perimeter, there were some gaps in its security technology and policy. A more rigorous update strategy for its network and security appliances would have prevented the initial compromise. In addition, monitoring internal traffic — the “east-west” traffic — could have potentially detected anomalies in how the attackers were using the administrator tools, says John Burns, director of OT threat hunting for Dragos, an operational-technology security firm.
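As an added illustration of the east-west monitoring Burns describes (example code written for this page, not from Dragos or the article), the following script baselines which internal hosts use remote-administration protocols against which destinations, then flags admin-protocol flows that were never seen during the learning window and sources that fan out to many hosts over those ports. It assumes netflow-style `src,dst,dport` records exported from internal switches or firewalls; every log line below is a constructed sample.

```python
"""Added example (not from the Dark Reading article or Dragos): a minimal
baseline-and-alert check for east-west administrative traffic. It assumes
netflow-style "src,dst,dport" records from an internal flow collector;
all flow lines below are constructed samples."""
from collections import defaultdict

# Ports commonly carrying remote-administration protocols inside a network.
ADMIN_PORTS = {22: "ssh", 135: "rpc", 445: "smb", 3389: "rdp",
               5985: "winrm", 5986: "winrm-tls"}

# Constructed learning-window flows: one admin jump host and one ops host.
BASELINE_FLOWS = """\
10.0.1.10,10.0.2.20,3389
10.0.1.10,10.0.2.21,445
10.0.1.10,10.0.2.22,5985
10.0.1.11,10.0.2.20,22
"""

# Constructed monitored-window flows: the same admin traffic, plus a
# workstation that suddenly uses admin protocols against several hosts.
NEW_FLOWS = """\
10.0.1.10,10.0.2.20,3389
10.0.3.55,10.0.2.20,445
10.0.3.55,10.0.2.21,445
10.0.3.55,10.0.2.23,5985
10.0.3.55,10.0.2.24,3389
10.0.1.11,10.0.2.20,22
"""


def parse_flows(text):
    """Yield (src, dst, dport) tuples, skipping blank or malformed lines."""
    for line in text.splitlines():
        parts = line.strip().split(",")
        if len(parts) != 3:
            continue
        src, dst, port = parts
        try:
            yield src, dst, int(port)
        except ValueError:
            continue


def build_baseline(text):
    """Map each source host to the set of (dst, port) admin pairs it used."""
    baseline = defaultdict(set)
    for src, dst, port in parse_flows(text):
        if port in ADMIN_PORTS:
            baseline[src].add((dst, port))
    return baseline


def find_anomalies(baseline, text, fanout_threshold=3):
    """Return alerts for admin-protocol flows that break the baseline.

    Two conditions are flagged: an admin flow (src, dst, port) never seen
    during learning, and a source reaching at least `fanout_threshold`
    previously unseen destinations over admin ports (lateral-movement-like
    fan-out that a perimeter-only view would never surface).
    """
    alerts = []
    new_dsts = defaultdict(set)
    for src, dst, port in parse_flows(text):
        if port not in ADMIN_PORTS:
            continue
        if (dst, port) not in baseline.get(src, set()):
            alerts.append(("new_admin_flow", src, dst, ADMIN_PORTS[port]))
            new_dsts[src].add(dst)
    for src, dsts in new_dsts.items():
        if len(dsts) >= fanout_threshold:
            alerts.append(("admin_fanout", src, len(dsts), None))
    return alerts


if __name__ == "__main__":
    learned = build_baseline(BASELINE_FLOWS)
    for alert in find_anomalies(learned, NEW_FLOWS):
        print(alert)
```

In a real deployment the learning window would be days of flow data rather than four lines, and the baseline would be keyed on asset role (jump host, domain controller, engineering workstation) rather than raw IP; the point is that legitimate administration follows a small, stable set of paths, so new paths over SMB, RDP, WinRM or SSH are cheap to surface once internal traffic is collected at all.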

“Once my team went in and actually looked for it, we saw right away that things were happening,” Burns says. “That was just with minimal monitoring and minimal checking. We went in and looked, and right away you could tell something was off.”
