
From Russia with Loath - What Has Happened?

Cyber Security

Exactly what is going on and who should be worried as the US Department of Homeland Security, FBI and the UK’s National Cyber Security Centre release a joint Technical Alert about malicious cyber activity carried out by the Russian Government.

Multiple sources including private and public sector cyber security research organisations and allies have reported Russian state-sponsored actors are using compromised routers to conduct spoofing ‘man-in-the-middle’ attacks to support espionage, extract intellectual property, maintain persistent access to victim networks and potentially lay a foundation for future offensive operations.

A man-in-the-middle attack is one in which the attacker secretly relays, and possibly alters, the communication between two parties who believe they are communicating directly with each other.

The US and UK governments have high confidence that Russian state-sponsored cyber actors were behind this malicious cyber activity that aimed to exploit network infrastructure devices.

 

What is the threat?

Russian state-sponsored cyber actors have conducted both broad-scale and targeted scanning of Internet address spaces. Such scanning allows these actors to identify enabled Internet-facing ports and services, conduct device fingerprinting and discover vulnerable network infrastructure devices.

Russian cyber actors leverage several legacy or weak protocols and service ports associated with network administration activities. These tactics can be used to identify vulnerable devices, obtain login credentials, masquerade as privileged users, modify device firmware, copy or redirect victim traffic through Russian cyber-actor-controlled infrastructure and carry out several other malicious activities.

What are the consequences of these attacks?

Russian actors could possibly modify or deny traffic traversing the router and potentially target network devices from other manufacturers.

A malicious actor with a presence on an organisation’s gateway router has the ability to monitor, modify and deny traffic to and from the organisation.

There is a possibility that a malicious actor may gain control of a router between Industrial Control Systems - Supervisory Control and Data Acquisition (ICS-SCADA) sensors and controllers in critical infrastructure, such as the electrical power sector. Such an actor can manipulate the messages, creating dangerous configurations that could lead to loss of service or physical destruction. Whoever controls the routing structure of a network essentially controls the data flowing through the network.

Who is being targeted?

The targets of this malicious cyber activity are primarily government and private sector organisations, critical infrastructure providers and the Internet Service Providers supporting these sectors. Specifically, these cyber exploits were directed at network infrastructure devices worldwide, such as routers, switches, firewalls and Network Intrusion Detection Systems.

Why should I be concerned?

Network devices are often easy targets because, once installed, they are not maintained at the same level as desktops and servers. Hostile states don’t just target governments, and small businesses and home users are not just vulnerable to criminals.

Who should read the Technical Alert?

Network device vendors, Internet Service Providers, public sector organisations, private sector corporations and small office home office (SOHO) customers should read this report and act on the recommended mitigation strategies.

What information can I find in the Technical Alert?

This alert contains indicators of compromise, technical details on the tactics, techniques and procedures and contextual information regarding observed behaviours on the networks of compromised victims.

 

What mitigation measures are in place?

There is a significant amount of guidance in this alert to mitigate the exploitation vectors identified. However, users should refer to the vendor-specific guidance for the make and model of the network device they have in operation.

Crackdown On The Dark Web

On April 11, the Home Secretary declared a crackdown on criminals who exploit the dark web.

Speaking at the CYBER UK Conference in Manchester, the Home Secretary announced that as part of a £9 million fund, law enforcement’s response will be bolstered to tackle those who use the anonymity of the online space for illegal activities such as the selling of firearms, drugs, malware and people.

More than £5 million will also be used to support the police to establish dedicated cyber crime units to investigate and pursue cyber criminals at a regional and local level.

Rudd said: "The world of cyber is fast-developing and we need a fast-developing response to match. One that recognises that it is the responsibility of everyone in the UK to fight the evolving threat.

"We need to make sure we stay not just at pace but steps ahead of those who seek to exploit the possibilities of modern technology and I am determined that this Government will continue to tighten the net."

A proportion of the £50 million will be used to develop a new national training programme for police and the wider criminal justice system, sponsored by the National Police Chiefs Council. This will equip them with the tools to properly investigate and prosecute cases of cyber crime, including those relating to the dark web.

The Cyber Aware campaign, a cross-Government initiative, will also receive a further £3 million of funding for 2018/2019 to educate the public and businesses with the latest advice on how to protect themselves from cyber crime.

Article written by Brian Shillibeer
