The NSA, in collaboration with CISA, the FBI, and international partners including the Australian Signals Directorate’s Australian Cyber Security Centre (ACSC), has released a Cybersecurity Information Sheet outlining best practices for event logging and threat detection [2] [3] [4].
Description
The 17-page PDF sets a baseline for event logging practices and urges IT decision-makers in both the public and private sectors to adopt the recommended measures. Aimed at senior IT decision makers, network administrators, and operators [3], the guidance is intended to improve resilience against cyber threats, with a particular focus on detecting living-off-the-land (LOTL) techniques, in which an intruder relies on tools and features already present on the target system rather than on custom malware [2]. The document stresses the importance of consistent event logging across networks so that defenders can spot unusual behaviour, citing activity such as the ‘KV Botnet’ used by Volt Typhoon, a China-linked group that targets critical infrastructure. Volt Typhoon used LOTL techniques against Windows-based systems to evade detection, and the anomalous behaviour that accompanies such techniques is what network defenders must be able to recognise in their logs in order to identify and respond to the activity [1]. The report also underscores the collaboration with international partners in countering advanced persistent threats (APTs) that rely on LOTL techniques, and offers practical guidance that organisations can use to strengthen their security and incident response capabilities [3].
Conclusion
The release of this Cybersecurity Information Sheet underlines the central role of event logging in threat detection: an intrusion that uses only built-in tools leaves little malware to find, so the logs are often the only evidence available. By following the recommended practices, organisations can improve their security posture and better protect against advanced persistent threats that use living-off-the-land techniques. The collaboration with international partners further strengthens the collective effort to improve security and incident response capabilities as threats evolve.
References
[1] https://www.compliancejunction.com/guidance-recommendations-for-event-logging-and-threat-identification/
[2] https://www.cyberdaily.au/security/11000-acsc-partners-with-us-agencies-to-release-best-practice-guide-to-threat-detection
[3] https://intelligencecommunitynews.com/nsa-releases-event-logging-best-practices/
[4] https://www.infosecurity-magazine.com/news/nsa-releases-guide-living-off-the/