Most people know that relations between Russia and the USA aren't too friendly right now. But in a report that's the first of its kind, in mid-April 2018 the US and UK governments issued warnings about Russian state-sponsored hacking of network devices.
While they've targeted the equipment of many government and critical infrastructure providers, small businesses and home offices have seen attacks as well. Let's see what these Russian hackers are doing, and how you can stay safe from it.
The Russian Attacks
It's evident that hackers working on behalf of the Russian government have been targeting network devices in business all over the country. Their goal? To comprise these pieces of equipment so they can be used for espionage and give them access into our goings-on.
The alert from the US and UK governments outlined several stages to the hacking campaign. This starts with general reconnaissance, where the hackers identify weak points in network equipment. They then weaponize these devices by exploiting their weaknesses and gaining full control to them.
Once they have control, they essentially "own" the device. Depending on the device they've compromised, they could pretend to be a legitimate user, gain further access through a backdoor they've opened, or monitor communications. When a malicious entity is in control of a network device like a router, they can essentially control it however they want.
This would allow them to monitor the traffic to see what employees were doing. Or, they could deny traffic to websites and services they didn't want users accessing. It's also possible that they'd modify traffic and redirect your connections to unsafe websites.
This is scary, because nearly all internet traffic travels through these devices. Having hackers in control of them with essentially no signs of the breach means that they could do a lot of damage before the business found out.
Protecting From These Attacks
Unlike many major cyber attacks, these don't rely on brand-new vulnerabilities or special malware. Instead, they're utilizing weaknesses in old and/or insecure networking equipment.
Poor security practices, such as not changing default passwords, using the same password on multiple devices, and not applying security updates, leave the door wide open to these remote attacks. Default passwords for routers and other equipment are freely available online, making them easy to break into.
Many of the victims of these hacks were using outdated products that don't support modern security features. They might lack encryption or use outdated standards that are easily broken. Worse yet, these out-of-support devices no longer receive security patches from the manufacturer. This means that once someone discovers an exploit, it won't get fixed.
In many organizations, networking equipment doesn't receive the routine maintenance that servers and computers do. This makes them more susceptible to tampering.
How We're Protecting You
Houk Consulting takes important steps to reduce your vulnerability to these kinds of attacks. We apply our list of firewall best practices and confirm their application regularly. For example, using strong passwords, turning off insecure protocols, and configuring protection options properly.
For our Managed Services clients we regularly check the networking equipment in your building to keep track of whether it's updated with the latest security patches. In addition, we keep track of the age of your equipment and advise you when it's time to upgrade at a product's end of life.
They are also protected with multiple layers of network security. For example, firewalls help stop traffic to or from unwanted destinations, filtering helps protect network traffic, and local antivirus protection on each machine reduces the likelihood of visiting malicious sites.
While what these Russian hackers are capable of can seem frightening, proper security practices reduces your risk of being affected by their attacks.