Commentary about CISA’s advisory re: Fox Kitten
September 2024 by Adam Maruyama, Field CTO of Garrison Technology
After the recent CISA advisory on Iran-linked threat actors (Fox Kitten) using their exploits for both government espionage and commercial ransomware operations. This is a great example of “good enough” security not being nearly “good enough” and nation-state exploits being used against a broader target set.
Adam Maruyama, Field CTO of Garrison Technology, a cybersecurity firm specializing in high-end isolation solutions, comment:
“CISA’s recent advisory regarding the joint governmental espionage and commercial ransomware activities of Iran-linked cyber group Fox Kitten shows how groups with the capabilities to attack some of the world’s most hardened networks are turning those capabilities to the broader commercial space. Increasing pressure from Fox Kitten and similarly equipped actors against commercial companies, particularly in non-regulated sectors, raises the stakes significantly in their fight against ransomware and other network intrusions.
“To put it simply, the architecture and technologies commercial companies use to detect and respond to low-to-moderate sophistication cyber attacks lacks the ability to effectively prevent and deter highly sophisticated cyber criminals and nation-state actors.
“If the trend of blurred lines between nation-state and criminal actors continues, commercial entities will need to augment their defenses by using defense-grade, high-assurance technology that aims to prevent, rather than detect, malicious activity using techniques like hardware-enforced isolation/access and content disarm and reconstruction (CDR). Unlike most commercial cybersecurity solutions, which analyze content and determines whether it’s malicious or not, these technologies treat all content as potentially malicious and use innovative methods to recreate safe, inert versions before content enters an organization’s systems.”