The UK & US Governments have issued a joint Technical Alert advising all businesses – public and private sector, critical infrastructure providers, and ISPs supported them – to review their network security and report back on any signs of malicious cyber activity carried out by or on behalf of the Russian Government.
This first joint security statement, Government officials said they had “high confidence” that Russian state-sponsored cyber actors was behind the “broad campaign” to compromise network hardware devices such as routers, switches, firewalls, and the Network Intrusion Detection System (NIDS).
By compromising these devices, the cyber criminals are able to redirect traffic, steal valuable information, and have a staging post for future offensive activity. Multiple sources, including private and public-sector cyber security research organisations and allies, have reported this activity to the U.S. and UK governments.
Businesses of all sizes are advised to read the Technical Alert and act on the recommendations. The alert contains details of Indicators of Attack (IoA) on the networks of compromised victims. Any signs of compromise should be reported to DHS, FBI, NCSC or law enforcement immediately.
Ciaran Martin, CEO of the National Cyber Security Centre said:
“This is the first time that in attributing a cyber attack to Russia the U.S. and the UK have, at the same time, issued joint advice to industry about how to manage the risks from the attack. It marks an important step in our fight back against state-sponsored aggression in cyberspace.
Guards all the doors and holds all the keys
Network devices are ideal targets, as the majority of organizational and customer traffic must traverse these critical devices. Any cyber criminal with access to these devices can monitory, modify, deny and redirect traffic as desired. This coupled with a lack of regular updates, as once installed network devices are often neglected when assumed to be working correctly, often only receiving attention when a fault arises, means a complete layer of corporate security could be bypassed without knowing.
Mitigation Strategies
There is a large amount of publicly available cybersecurity guidance and best practices from NCSC, DHS, device vendors, and the cybersecurity community on mitigation strategies.
The advice given to firms in Technical Alert TA18-106A includes ways to configure their systems correctly and how to apply patches to address hardware vulnerabilities.
- Review network device logs and data for indications of compromise on all network device hosts.
- Do not allow unencrypted management protocols to enter an organization from the Internet.
- Harden the encrypted protocols based on current best security practice.
- Do not allow Internet access to the management interface of any network device.
- Immediately change default passwords and enforce a strong password policy.
- Apply software updates and security patches to all devices.
Also ensure a reputable Endpoint Detection and Response solution is in place across the network, such as Panda Adaptive Defense, to mitigate attacks should your network devices be compromised.
See It. Say It. Sorted.