From Russia with Loath - What Has Happened?

Cyber Security
17 April 2018 | Updated 20 April 2018

Exactly what is going on and who should be worried as the US Department of Homeland Security, FBI and the UK’s National Cyber Security Centre release a joint Technical Alert about malicious cyber activity carried out by the Russian Government.

Multiple sources including private and public sector cyber security research organisations and allies have reported Russian state-sponsored actors are using compromised routers to conduct spoofing ‘man-in-the-middle’ attacks to support espionage, extract intellectual property, maintain persistent access to victim networks and potentially lay a foundation for future offensive operations.

A man-in-the-middle attack is one in which the attacker secretly relays, and possibly alters, the communication between two parties who believe they are communicating directly with each other.

The US and UK governments have high confidence that Russian state-sponsored cyber actors were behind this malicious cyber activity that aimed to exploit network infrastructure devices.


What is the threat?

Russian state-sponsored cyber actors have conducted both broad-scale and targeted scanning of Internet address spaces. Such scanning allows these actors to identify enabled Internet-facing ports and services, conduct device fingerprinting and discover vulnerable network infrastructure devices.

Russian cyber actors leverage several legacy or weak protocols and service ports associated with network administration activities. These tactics can be used to identify vulnerable devices, obtain login credentials, masquerade as privileged users, modify device firmware, copy or redirect victim traffic through Russian cyber-actor-controlled infrastructure and carry out several other malicious activities.


What are the consequences of these attacks?

Russian actors could possibly modify or deny traffic traversing the router and potentially target network devices from other manufacturers.

A malicious actor with presence on an organisation’s gateway router has the ability to monitor, modify and deny traffic to and from the organisation.

There is a possibility that a malicious actor who gains control of a router between Industrial Control Systems - Supervisory Control and Data Acquisition (ICS-SCADA) sensors and controllers in critical infrastructure, such as the electrical power sector, can manipulate the messages, creating dangerous configurations that could lead to loss of service or physical destruction. Whoever controls the routing structure of a network essentially controls the data flowing through the network.


Who is being targeted?

The targets of this malicious cyber activity are primarily government and private sector organisations, critical infrastructure providers and the Internet Service Providers supporting these sectors. Specifically, these cyber exploits were directed at network infrastructure devices worldwide, such as routers, switches, firewalls and Network Intrusion Detection Systems.


Why should I be concerned?

Network devices are often easy targets because, once installed, they are not maintained at the same level as desktops and servers. Hostile states don’t just target governments, and small businesses and home users are not just vulnerable to criminals.


Who should read the Technical Alert?

Network device vendors, Internet Service Providers, public sector organisations, private sector corporations and small office home office (SOHO) customers should read this report and act on the recommended mitigation strategies.


What information can I find in the Technical Alert?

This alert contains indicators of compromise, technical details on the tactics, techniques and procedures, and contextual information regarding observed behaviours on the networks of compromised victims.


What mitigation measures are in place?

There is a significant amount of guidance in this alert to mitigate the exploitation vectors identified. However, users should refer to the vendor-specific guidance for the make and model of the network device they have in operation.


Crackdown On The Dark Web

On April 11, the Home Secretary declared a crackdown on criminals who exploit the dark web.

Speaking at the CYBER UK Conference in Manchester, the Home Secretary announced that as part of a £9 million fund, law enforcement’s response will be bolstered to tackle those who use the anonymity of the online space for illegal activities such as the selling of firearms, drugs, malware and people.

More than £5 million will also be used to support the police to establish dedicated cyber crime units to investigate and pursue cyber criminals at a regional and local level.

Rudd said: "The world of cyber is fast-developing and we need a fast-developing response to match. One that recognises that it is the responsibility of everyone in the UK to fight the evolving threat.

"We need to make sure we stay not just at pace but steps ahead of those who seek to exploit the possibilities of modern technology and I am determined that this Government will continue to tighten the net."

A proportion of the £50 million will be used to develop a new national training programme for police and the wider criminal justice system, sponsored by the National Police Chiefs Council. This will equip them with the tools to properly investigate and prosecute cases of cyber crime, including those relating to the dark web.

The Cyber Aware campaign, a cross-Government initiative, will also receive a further £3 million of funding for 2018/2019 to educate the public and businesses with the latest advice on how to protect themselves from cyber crime.

Article written by Brian Shillibeer | Published 17 April 2018