Security agencies warn of Russian cyber campaign against company networks

FBI, DHS and NCSC say Russia is attempting to hijack vulnerable network hardware

UK and US security agencies have alerted governments and private companies to a global, state-sponsored hacking campaign on network infrastructure thought to be coming from Russia.

The FBI, Department for Homeland Security (DHS) and the National Cyber Security Centre (NCSC) issued a joint Technical Alert on Monday describing a Russian-backed assault on routers, switches, firewalls and other network-based systems in an attempt to launch man-in-the-middle attacks.

"[The] FBI has high confidence that Russian state-sponsored cyber actors are using compromised routers to conduct man-in-the-middle attacks to support espionage, extract intellectual property, maintain persistent access to victim networks, and potentially lay a foundation for future offensive operations," the alert read.

Reports compiled over the past three years have demonstrated that criminals are exploiting "large numbers of enterprise-class and SOHO/residential routers and switches worldwide".

Early analysis of the campaign has identified the targets as primarily government and private sector organisations, although providers of critical network infrastructure and internet service providers have also been hit by the attack, US authorities said.

It's thought that Russian cyber criminals have been able to exploit vulnerable or weak security protocols on infrastructure equipment, allowing them to map the entirety of a network.

Once inside, hackers have been found masquerading as privileged users, harvesting login credentials and device information, and even redirecting network traffic through criminal-controlled infrastructure.

Routers, switches and other such network hardware are proving to be popular targets for hackers as most or all organisational or customer traffic must be funnelled through these devices, the alert explained. Once installed into a system, these devices are rarely maintained to the same degree as other IT hardware, and few are protected by antivirus software or regular patches.

"An actor controlling a router between Industrial Control Systems Supervisory Control and Data Acquisition (ICS-SCADA) sensors and controllers in a critical infrastructure such as the energy sector can manipulate the messages, creating dangerous configurations that could lead to loss of service or physical destruction. Whoever controls the routing infrastructure of a network essentially controls the data flowing through the network," the alert added.

The alert also offers some general advice on how to mitigate this style of attack, including changing any default passwords associated with a new device and implementing two-factor authentication.

However, specific advice has also been given to manufacturers, security vendors and ISPs, mostly in an attempt to force a move away from the use of legacy equipment or older protocol standards. It also warns that network operators should look out for malicious activity, and ensure that network devices are configured in a way that blocks unencrypted traffic from heading to external internet-based hosts.

The alert comes months after UK defence secretary Gavin Williamson suggested that a Russian cyber attack against Britain's infrastructure could cause "total chaos".

The NCSC also warned last week that the scale and severity of the threats facing UK businesses were "bigger than ever", and that it was highly likely 2018 would bring further attacks in the form of exploits to IoT devices and hacks on cloud services.
