H-ISAC TLP White Threat Bulletin: US Federal Agencies Issue New Recommendations for VSAT Communications

The United States Federal Bureau of Investigation (FBI) and National Security Agency (NSA) have identified a potential increased risk to data transmitted by Very Small Aperture Terminals (VSAT).  Given the rising geopolitical tensions, vulnerable VSAT implementations may be an attack vector for threat actors looking to gain sensitive visibility into unencrypted transmissions.

According to the agencies, network defenders should conduct an asset inventory of VSAT appliances within their environment to conduct further analysis of best practices given the newly released federal recommendations.

The FBI alert, which can be accessed here, and the NSA alert, which can be accessed here, are released at TLP:WHITE for community awareness. Health-ISAC members are encouraged to use the intelligence and recommendations in this alert in conjunction with their own security posture.

VSAT networks are increasingly used for remote communications and utilize Transmission Control Protocol, Internet Protocol, and radio-frequency channels to transmit data. Due to the nature of VSAT network communication links and recent vulnerabilities discovered in VSAT terminals, network communications over these links are at risk of being exposed and may be targeted for the information they contain or to compromise connected networks. 

Most of these links are unencrypted and rely on frequency separation or hopping to separate communications. 

Recently conducted research discovered man-in-the-middle attacks against maritime VSAT signals can be conducted at low cost to threat actors, disabling a previous barrier and presenting opportunities for threat actors to potentially gain visibility into sensitive information.