Security agencies warn of Russian cyber campaign against company networks

FBI, DHS and NCSC say Russia is attempting to hijack vulnerable network hardware

UK and US security agencies have alerted governments and private companies to a global, state-sponsored hacking campaign on network infrastructure thought to be coming from Russia.

The FBI, Department for Homeland Security (DHS) and the National Cyber Security Centre (NCSC) issued a joint Technical Alert on Monday describing a Russian-backed assault on routers, switches, firewalls and other network-based systems in an attempt to launch man-in-the-middle attacks.

"[The] FBI has high confidence that Russian state-sponsored cyber actors are using compromised routers to conduct man-in-the-middle attacks to support espionage, extract intellectual property, maintain persistent access to victim networks, and potentially lay a foundation for future offensive operations," the alert read.

Reports compiled over the past three years have demonstrated that criminals are exploiting "large numbers of enterprise-class and SOHO/residential routers and switches worldwide".

Early analysis of the campaign has identified the primary targets as government and private sector organisations, although providers of critical network infrastructure and internet service providers have also been hit by the attack, US authorities said.

It's thought that Russian cyber criminals have been able to exploit vulnerable or weak security protocols on infrastructure equipment, allowing them to map the entirety of a network.

Once inside, hackers have been found masquerading as privileged users, harvesting login credentials and device information, and even redirecting network traffic through criminal-controlled infrastructure.

Routers, switches and other such network hardware are proving to be popular targets for hackers as most or all organisational or customer traffic must be funnelled through these devices, the alert explained. Once installed into a system, these devices are rarely maintained to the same degree as other IT hardware, and few are protected by antivirus software or regular patches.

"An actor controlling a router between Industrial Control Systems Supervisory Control and Data Acquisition (ICS-SCADA) sensors and controllers in a critical infrastructure such as the energy sector can manipulate the messages, creating dangerous configurations that could lead to loss of service or physical destruction. Whoever controls the routing infrastructure of a network essentially controls the data flowing through the network," the alert added.

The alert also offers some general advice on how to mitigate these kinds of attack, including changing any default passwords associated with a new device and implementing two-factor authentication.

However, specific advice has also been given to manufacturers, security vendors and ISPs, mostly in an attempt to force a move away from the use of legacy equipment or older protocol standards. It also warns that network operators should look out for malicious activity, and ensure that network devices are configured in a way that blocks unencrypted traffic from heading to external internet-based hosts.

The alert comes months after UK defence secretary Gavin Williamson suggested that a Russian cyber attack against Britain's infrastructure could cause "total chaos".

The NCSC also warned last week that the scale and severity of the threats facing UK businesses were "bigger than ever", and that it was highly likely 2018 would bring further attacks in the form of exploits to IoT devices and hacks on cloud services.
