Agencies urge action to eliminate cyber defects in small/home office routers

Jan 31, 2024 - 03:04 PM
cybersecurity-hand-lock-graphic_900x400

The Cybersecurity & Infrastructure Security Agency and FBI Jan. 31 urged small office and home office router manufacturers to eliminate exploitable defects in their products and integrate security into their product design and development, citing recent reports that threat actors known as “Volt Typhoon” and associated with the People’s Republic of China are exploiting defects in these products to compromise networks across U.S. critical infrastructure.

“This alert highlights two critical and strategic cyber risk issues we are facing as a health care sector and as a nation,” said John Riggi, AHA’s national advisor for cybersecurity and risk. “First, the ongoing strategic and aggressive cyber threat posed by the Chinese government to infiltrate our critical infrastructure and pre-position potentially destructive malware such as Volt Typhoon. Second, we must rely on technology developers, including router manufacturers, to implement government-specified ‘secure by design’ protocols to ensure that the highest level security testing and features are included in their products at the design phase. Vulnerabilities in third-party technology continue to be a primary attack vector for cyber adversaries targeting health care and all of U.S. critical infrastructure. The primary responsibility for securing third-party technology must shift from the end user to the technology developers so they are secure by design.” 

For more information on this or other cyber and risk issues, contact Riggi at jriggi@aha.org. For the latest cyber and risk resources and threat intelligence, visit aha.org/cybersecurity

Related News Articles

Headline
CISA issues update on voluntary cybersecurity performance goals 
The Cybersecurity and Infrastructure Security Agency Dec. 11 released an update to its voluntary Cybersecurity Performance Goals, which includes measurable…
Headline
Agencies warn of state-sponsored cyberattacks from Russia, China
U.S. and international agencies are warning of potential cyberattacks on health care and other critical infrastructure from state-sponsored cyber actors in…
Headline
CISA alerts of critical vulnerability impacting free program used for building user interfaces 
A critical, unauthenticated remote code execution vulnerability known as React2Shell has been added to the Cybersecurity and Infrastructure Security Agency’s…
Headline
Resources available to help detect malicious AI schemes
The FBI has public resources available to help prevent exploitation by cybercriminals, who use artificial intelligence for deception. An infographic by the FBI…
Headline
NIST says critical vulnerability found in 7-Zip archiving software
A critical vulnerability has been identified in 7-Zip, a free software program used for archiving data, according to the National Institute of Standards and…
Headline
Agencies release guide to protect against bulletproof hosting provider cybercrimes 
U.S. and international agencies Nov. 19 released a guide on mitigating potential cybercrimes from bulletproof hosting providers. A BPH provider is an internet…