Security agencies warn of Russian cyber campaign against company networks

FBI, DHS and NCSC say Russia is attempting to hijack vulnerable network hardware

UK and US security agencies have alerted governments and private companies to a global, state-sponsored hacking campaign on network infrastructure thought to be coming from Russia.

The FBI, Department for Homeland Security (DHS) and the National Cyber Security Centre (NCSC) issued a joint Technical Alert on Monday describing a Russian-backed assault on routers, switches, firewalls and other network-based systems in an attempt to launch man-in-the-middle attacks.

"[The] FBI has high confidence that Russian state-sponsored cyber actors are using compromised routers to conduct man-in-the-middle attacks to support espionage, extract intellectual property, maintain persistent access to victim networks, and potentially lay a foundation for future offensive operations," the alert read.

Reports compiled over the past three years have demonstrated that criminals are exploiting "large numbers of enterprise-class and SOHO/residential routers and switches worldwide".

Early analysis of the campaign has identified the targets as primarily government and private sector organisations, although providers of critical network infrastructure and internet service providers have also been hit by the attack, US authorities said.

It's thought that Russian cyber criminals have been able to exploit vulnerable or weak security protocols on infrastructure equipment, allowing them to map the entirety of a network.

Once inside, hackers have been found masquerading as privileged users, harvesting login credentials and device information, and even redirecting network traffic through criminal-controlled infrastructure.

Routers, switches and other such network hardware are proving to be popular targets for hackers as most or all organisational or customer traffic must be funnelled through these devices, the alert explained. Once installed into a system, these devices are rarely maintained to the same degree as other IT hardware, and few are protected by antivirus software or regular patches.

"An actor controlling a router between Industrial Control Systems Supervisory Control and Data Acquisition (ICS-SCADA) sensors and controllers in a critical infrastructure such as the energy sector can manipulate the messages, creating dangerous configurations that could lead to loss of service or physical destruction. Whoever controls the routing infrastructure of a network essentially controls the data flowing through the network," the alert added.

The alert also offers some general advice on how to mitigate these styles of attacks, including the changing of any default passwords associated with a new device and the implementation of two-factor authentication.

However, specific advice has also been given to manufacturers, security vendors and ISPs, mostly in an attempt to force a move away from the use of legacy equipment or older protocol standards. It also warns that network operators should look out for malicious activity, and ensure that network devices are configured in a way that blocks unencrypted traffic from heading to external internet-based hosts.

The alert comes months after UK defence secretary Gavin Williamson suggested that a Russian cyber attack against Britain's infrastructure could cause "total chaos".

The NCSC also warned last week that the scale and severity of the threats facing UK businesses were "bigger than ever", and that it was highly likely 2018 would bring further attacks in the form of exploits to IoT devices and hacks on cloud services.
