Dark Reading's article "Security Tech That Can Make a Difference During an Attack" examines lessons from the Volt Typhoon cyberattack on Littleton Electric Light and Water Departments (LELWD), where the attackers exploited a year-old firewall vulnerability and remained undetected for more than 300 days. Despite gaps in the utility's security policies, its network segmentation kept the attackers from reaching the operational technology (OT) network, underscoring the value of that control.
MITRE's Joe Slowik, principal threat intelligence analyst, says, "A lot of what Volt Typhoon does—because they eschew using custom tools—really starts [to impact] how you detect malicious entities operating in these environments in a fairly standard or universal way. If the defensive community can identify effective means of responding to identifying and mitigating against these sorts of behaviors, we then have the ability to really put a variety of threat actors on the back foot quite quickly as a result."
The article emphasizes proactive strategies such as timely updates to perimeter devices, monitoring internal "east-west" traffic, and ensuring visibility across all network assets so that anomalies and lateral movement can be detected. It also advocates building foundational defenses like logging and monitoring before investing in advanced threat hunting, leveraging network experts for anomaly detection, and using threat intelligence to protect high-value assets like GIS servers. Together, these measures strengthen an organization's ability to detect and mitigate sophisticated threats.
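The two controls the article credits most, IT/OT segmentation and east-west traffic monitoring, can be checked from flow logs. The following is an added example (not code from the article, LELWD, or MITRE) that scores constructed flow records against an assumed segmentation policy and a learned baseline of internal peers; the subnets, the permitted IT-to-OT path and the flows themselves are all invented for illustration.

```python
import ipaddress

# Assumed segmentation policy (constructed, not from the article): an IT subnet,
# an OT subnet, and the single IT->OT path the policy permits (a jump host
# talking to a historian over TLS). Anything else crossing into OT is a finding.
IT_NET = ipaddress.ip_network("10.10.0.0/16")
OT_NET = ipaddress.ip_network("192.168.50.0/24")
ALLOWED_IT_TO_OT = {("10.10.1.5", "192.168.50.10", 443)}

# Constructed east-west flow records as (src, dst, dst_port). The baseline window
# is used to learn which internal peers normally talk; the review window is
# checked against that baseline and against the segmentation policy.
BASELINE = [
    ("10.10.1.5", "192.168.50.10", 443),
    ("10.10.2.20", "10.10.2.30", 445),
    ("10.10.2.20", "10.10.2.30", 445),
    ("10.10.3.7", "10.10.3.8", 3389),
]
REVIEW = [
    ("10.10.2.20", "10.10.2.30", 445),      # known peer, normal
    ("10.10.2.20", "10.10.4.11", 445),      # new SMB peer: lateral-movement candidate
    ("10.10.2.20", "192.168.50.10", 502),   # IT host reaching OT outside the allowed path
    ("10.10.1.5", "192.168.50.10", 443),    # the permitted jump-host path
]

def segment(ip):
    """Map an address to the segment it belongs to under the assumed policy."""
    addr = ipaddress.ip_address(ip)
    if addr in OT_NET:
        return "OT"
    if addr in IT_NET:
        return "IT"
    return "OTHER"

def review_flows(baseline, review):
    """Return (reason, flow) pairs for segmentation violations and new east-west peers.

    A segmentation violation is reported first because it is the higher-severity
    finding; a flow that is merely unseen in the baseline is a hunting lead, not proof.
    """
    known = set(baseline)
    findings = []
    for flow in review:
        src, dst, _port = flow
        if segment(src) == "IT" and segment(dst) == "OT" and flow not in ALLOWED_IT_TO_OT:
            findings.append(("it_to_ot_violation", flow))
        elif flow not in known:
            findings.append(("new_east_west_peer", flow))
    return findings

if __name__ == "__main__":
    for reason, flow in review_flows(BASELINE, REVIEW):
        print(reason, flow)
```

In practice the baseline would come from weeks of NetFlow or firewall logs and the policy from the segmentation design, but the checks are the same: is this crossing allowed at all, and has this pair ever talked before.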