Preparing For A South China Sea Cyber Storm

As tensions between China and the US heat up, strategic moves are gaining traction that will inevitably have repercussions on the Western world for generations.

However, the world must be aware that as the geopolitical landscape continues to fracture, cyberspace will almost certainly act as a second front for nation states to achieve their agendas, potentially impacting global businesses across the industry spectrum.

The perceived threat posed by Beijing is manifested by the territorial disputes between China with both Japan and the Philippines respectively, with the former regarding the Senkaku Islands in the East China Sea and the latter pertaining to Second Thomas Shoal, located close to the coast of the Philippine Island of Palawan. Taiwan also plays a critical role with China bent on reunification with the island.

However, Beijing cannot realistically invade Taiwan without encountering the Philippines or Japanese bases. Why?

Primarily because there is a proximity of less than a few hundred miles of water separating Philippine and Japanese territory from Taiwan. Further, both the Philippines President Ferdinand Marcos Jr and the Japanese Prime Minister Fumio Kishida have publicly stated that peace in Taiwan is essential to their respective national security postures.

Has China United A Tri-Lateral Faction? 

US President Joe Biden and his counterparts, Kishida and Marcos Jr., held the first-ever U.S.-Japan-Philippines trilateral summit on April 11th, highlighting the importance of the US Indo-Pacific Strategy, with the leaders pledging to pursue a free and open Indo-Pacific “for decades to come.”

A recently formed trilateral US-Japan-Philippines relationship is not the only faction threatening Chinese interests these days as the US, Japan and South Korea have also enhanced their defense cooperation; whilst Tokyo is strengthening security ties with the Southeast Asian thorn in the side of Beijing, that is Vietnam. 

An Artificial Chinese Response? 

The current Biden administration will likely view this new partnership as a method of withstanding potential leadership changes in the upcoming US Presidential Election in November. However, we have assessed that this will likely face serious challenges from cyber actors across the Far East.  

Beijing’s increasing interest in the Taiwan Strait will likely result in surging Chinese state cyber actor operations throughout the period leading up the November 5th US Presidential Election as a potential conflict in the region could be influenced by Washington’s desires to preserve stability in the area.

We have assessed that aggressive social media disinformation operations will likely target US businesses and government officials to shape the global information domain in favor of Chinese interests.

These nation state-level offensive protocols will likely impact the technology sector with China demonstrating increasing levels of sophistication including the incorporation of generative artificial intelligence (GenAI) technologies, that would allow for scaled campaigns, resulting in social tensions and the erosion of confidence in US-based establishments. 

Impacted Western Sectors 

As China inches closer to its intelligence gathering objectives, its state actors have pivoted to a more destructive posture by launching cyber-attacks, including a recent Volt Typhoon operation, against US-based critical national infrastructure and military assets in what we have assessed to likely be a pre-positioned attack against Western infrastructure as a precursor for any potential military conflicts with Washington and to disrupt communications between the US and its allies within East Asia, including Taiwan and Japan. This could potentially deter US military engagements by delaying US decision making, inducing societal panic, and interfering with the deployment of US forces.

We have assessed that these offensive efforts will likely spill over into the education, energy, finance, government, and healthcare, as well as the aerospace and defense verticals. 

Defense Strategies 

Based on the attack chain that we have detected to have been incorporated by Chinese sponsored cyber forces, the Quorum Cyber Threat Intelligence team strongly recommends that organizations implement the following defensive measures to strengthen operational resilience: 

Initial Assessment 

  •  Assess the organization’s current security posture and implement Cybersecurity Performance Goals (CPGs) to bolster resilience.  
  • Establish a baseline normal host behavior and user activity to detect anomalous activity on endpoints when reviewing logs. 

Mitigate Risk 

  • Prioritize logging (e.g., command-line interface “CLI”) and close and/or monitor high-risk ports (e.g., Remote Desktop Protocol, Server Message Block).
  • Establish the principle of least privilege by isolating privileged administrator actions and locations to a manageable subset of locations, where effective baselines can be established.

 
Craig Watt is a Threat Intelligence Consultant at Quorum Cyber  

Image: Ideogram

You Might Also Read: 

Cyber Aftermath From The Airstrike On Syria’s Iranian Consulate:  


If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible



 

« Rising AI Security Threats To Small Businesses
Taiwan Targeted In Espionage Campaign »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Information Risk Management (IRM)

Information Risk Management (IRM)

IRM is an international consultancy dedicated to helping organisations solve key business issues. We provide strategic cyber security advice across a wide range of sectors.

QATestLab

QATestLab

QATestLab is a leading International software testing company offering a full range of software testing services including security testing.

Forcepoint

Forcepoint

Forcepoint provide a unified, cloud-centric platform that safeguards users, networks and data while eliminating the inefficiencies of managing multiple point security products.

HyTrust

HyTrust

HyTrust specialises in security, compliance and control software for virtualization and cloud environments.

e-Crime Bureau

e-Crime Bureau

e-Crime Bureau is a specialized company offering cyber/computer forensics, cyber security consulting services, forensic audit and investigations services and training to clients across Africa.

Bowbridge

Bowbridge

Bowbridge provides anti-virus and application security solutions for SAP systems.

Monegasque Digital Security Agency (AMSN)

Monegasque Digital Security Agency (AMSN)

AMSN is the national authority in charge of the security of information systems in Monaco.

Alsid

Alsid

Alsid helps corporates to anticipate attacks by detecting breaches before hackers can exploit them.

SGBox

SGBox

SGBox is a highly flexible and scalable solution for IT security. Choose the modules which your company needs and implement it without any modification to your network infrastructure.

Cytellix

Cytellix

Cytellix is an industry-standards-based, managed cybersecurity service provider, specializing in proactive behavioral analytics and situational awareness of an organization’s cyber posture.

Trail of Bits

Trail of Bits

Trail of Bits combine high-end security research with a real-world attacker mentality to reduce risk and fortify code.

Raiven Capital

Raiven Capital

Raiven Capital is a global early-stage technology venture capital fund. We focus on founder-led, driven companies on the leading edge of disruption.

Assured Clarity

Assured Clarity

Assured Clarity are a global consultancy, specialising in Risk Management and Data Privacy, through Education, Awareness and Training, throughout an organisation.

Codezero Technologies

Codezero Technologies

Codezero is at the forefront of microservices development, employing an identity-aware overlay network that delivers zero-trust security to DevOps.

Secolve

Secolve

Secolve is Australia’s next generation OT specialist cyber security firm, working with key industries to protect the nation’s critical infrastructure.

Diverto

Diverto

Diverto is a company that provides a high level of information security to companies, institutions and other organisations in an information-centric world.