From Russia With Loath - World Cyber War Happening

Cyber Crime
17 April 2018

A joint US-UK statement has been made on malicious cyber activity carried out by the Russian government.

The National Cyber Security Centre (NCSC), Federal Bureau of Investigation (FBI) and U.S. Department of Homeland Security (DHS) have issued a joint Technical Alert about malicious cyber activity carried out by the Russian Government.

The targets of this malicious cyber activity are primarily government and private sector organisations, critical infrastructure providers and the internet service providers (ISPs) supporting these sectors.

Specifically, these cyber exploits are directed at network infrastructure devices worldwide such as routers, switches, firewalls, and Network Intrusion Detection Systems (NIDS).


Not safe at home office

Network device vendors, ISPs, public sector organisations, private sector corporations and small office and home office customers should read the alert (TA18-106A) and act on the recommended mitigation strategies. The alert contains indicators of compromise, technical details on the tactics, techniques and procedures (TTPs), and contextual information regarding observed behaviours on the networks of compromised victims.


The router of the problem

Russian state-sponsored actors are using compromised routers to conduct spoofing ‘man-in-the-middle’ attacks to support espionage, extract intellectual property, maintain persistent access to victim networks, and potentially lay a foundation for future offensive operations. Multiple sources, including private and public-sector cyber security research organisations and allies, have reported this activity to the US and UK governments.


A man-in-the-middle attack is one in which the attacker secretly relays, and possibly alters, the communication between two parties who believe they are communicating directly with each other.

Jeanette Manfra, National Protection and Programs Directorate (NPPD) Assistant Secretary for Cybersecurity and Communications, said: “Russian government activities continue to threaten our respective safety, security, and the very integrity of our cyber ecosystem.

“Through information sharing programs like Automated Indicator Sharing (AIS), we are building the capacity for collective defence to minimise threats between US and UK network devices. While DHS cannot protect every network at all times, we can ensure that we are all collectively empowered to secure our networks through government and industry working together."


Sharing info at commercial operation level

Manfra continued: “Cyber security is a shared responsibility and we understand that identifying a threat in one organisation’s network can prevent an attack in another.  Today’s joint Technical Alert is an example of how we are working with allies and partners to prevent cyber actors from having an impact on critical infrastructure to the fullest extent possible. Although this is the first time the NCSC is included as an author in a DHS and FBI joint product, our collaborative work has proved useful and effective in response to previous cyber related events.”



Howard Marshall, FBI Deputy Assistant Director, said: "The activity highlighted today is part of a repeated pattern of disruptive and harmful malicious cyber action carried out by the Russian government.

"As long as this type of activity continues, the FBI will be there to investigate, identify and unmask the perpetrators, in this case, the Russian government.  The joint Technical Alert released today underscores our commitment to working with our partners, both at home and abroad, to combat malicious cyber activity and hold those responsible accountable.  We do not make this attribution lightly and will hold steadfast with our partners."


National Cyber Security Centre

Ciaran Martin, CEO of the National Cyber Security Centre, said: “Russia is our most capable hostile adversary in cyberspace so tackling them is a major priority for the National Cyber Security Centre and our US allies. This is the first time that in attributing a cyber attack to Russia the US and the UK have, at the same time, issued joint advice to industry about how to manage the risks from the attack. It marks an important step in our fight back against state-sponsored aggression in cyberspace.

“For over twenty years, GCHQ has been tracking the key Russian cyber attack groups and today’s joint UK-US alert shows that the threat has not gone away. The UK government will continue to work with the US, other international allies and industry partners to expose Russia’s unacceptable cyber behaviour, so they are held accountable for their actions.

“Many of the techniques used by Russia exploit basic weaknesses in network systems. The NCSC is leading the way globally to automate defences at scale to take away some of those basic attacks, thereby allowing us to focus on the most potent threats.”

Anyone who finds signs of the malicious activity described in TA18-106A is encouraged to report them to DHS’s National Cybersecurity and Communications Integration Center (NCCIC), FBI, NCSC or law enforcement immediately.


Download the National Cyber Security Centre Advisory

This advisory provides information on the worldwide cyber exploitation of network infrastructure devices such as routers, switches, firewalls and Network-based Intrusion Detection Systems.

Article written by Brian Shillibeer | Published 17 April 2018

