U.S. and British government departments are warning businesses and individuals about a new global cyberattack targeting vulnerable routers and networking equipment across the world.
The Department of Homeland Security (DHS), the FBI and the United Kingdom’s National Cyber Security Centre (NCSC) assess that Russian state-sponsored cyber actors are behind the campaign. [Read the alert.]
“The current state of U.S. network devices—coupled with a Russian government campaign to exploit these devices—threatens the safety, security, and economic well-being of the United States,” the alert states.
How? They are targeting network devices that still use default or weak credentials, are running outdated software, or expose legacy unencrypted management protocols.
The compromised devices are used for man-in-the-middle attacks and as a foothold for further malicious activity. The FBI has high confidence that this includes supporting espionage, extracting intellectual property, and gaining and maintaining persistent access to victim networks. Big picture: it puts the pieces in place for future offensive operations.
What should you do?
Attackers have always scanned for vulnerable devices, so you must do your part:
- Monitor your network for intrusions and frequently review your device logs (the history of activity records) for failed, repeated or unexpected login attempts and other malicious access.
- Regularly check with your vendors for newly identified security vulnerabilities, and for their guidance on verifying whether a device is affected and on detecting exploitation.
- Download and install software and firmware updates and patches only from trusted sources.
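As a concrete illustration of what "check your device logs for malicious access attempts" means in practice, here is an added example (mine, not code from the alert or this article) that scans Cisco IOS-style syslog lines for the patterns this campaign relies on: repeated failed logins from one source, a successful login right after them, any login over plaintext Telnet, logins from outside a trusted management network, and a configuration change made by a suspect session. The log lines, hostname, user names, addresses and the 10.20.0.0/24 management network are constructed for the example.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed Cisco IOS-style syslog sample for this example (not real captured data).
# The %SEC_LOGIN and %SYS-5-CONFIG_I message shapes follow IOS; the hostname,
# timestamps, users and addresses are invented.
SAMPLE_LOG = """\
Apr 16 10:01:12 edge-rtr1 %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 203.0.113.5] [localport: 22] [Reason: Login Authentication Failed] at 10:01:12 UTC Mon Apr 16 2018
Apr 16 10:01:15 edge-rtr1 %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 203.0.113.5] [localport: 22] [Reason: Login Authentication Failed] at 10:01:15 UTC Mon Apr 16 2018
Apr 16 10:01:19 edge-rtr1 %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: cisco] [Source: 203.0.113.5] [localport: 22] [Reason: Login Authentication Failed] at 10:01:19 UTC Mon Apr 16 2018
Apr 16 10:01:24 edge-rtr1 %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: cisco] [Source: 203.0.113.5] [localport: 23] at 10:01:24 UTC Mon Apr 16 2018
Apr 16 10:05:02 edge-rtr1 %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: netops] [Source: 10.20.0.7] [localport: 22] at 10:05:02 UTC Mon Apr 16 2018
Apr 16 10:06:40 edge-rtr1 %SYS-5-CONFIG_I: Configured from console by cisco on vty0 (203.0.113.5)
"""

# Assumed trusted management network for this example; adjust to your environment.
TRUSTED_MGMT = [ipaddress.ip_network("10.20.0.0/24")]
FAIL_THRESHOLD = 3                        # failed logins from one source before we call it brute force
PLAINTEXT_PORTS = {23: "telnet", 80: "http"}

LOGIN_RE = re.compile(
    r"%SEC_LOGIN-\d-LOGIN_(?P<outcome>FAILED|SUCCESS): .*?"
    r"\[user: (?P<user>[^\]]+)\] \[Source: (?P<src>[^\]]+)\] \[localport: (?P<port>\d+)\]"
)
CONFIG_RE = re.compile(
    r"%SYS-5-CONFIG_I: Configured from \S+ by (?P<user>\S+) on \S+ \((?P<src>[^)]+)\)"
)


def analyze(log_text, trusted=TRUSTED_MGMT, threshold=FAIL_THRESHOLD):
    """Return (kind, source_ip, detail) findings for the suspicious patterns listed above."""
    failures = defaultdict(int)          # failed login count per source address
    findings = []
    for line in log_text.splitlines():
        m = LOGIN_RE.search(line)
        if m:
            src, user, port = m["src"], m["user"], int(m["port"])
            if m["outcome"] == "FAILED":
                failures[src] += 1
                if failures[src] == threshold:
                    findings.append(("brute_force", src, f"{threshold} failed logins"))
                continue
            # Successful login: judge it against what came before and how it arrived.
            if failures[src] >= threshold:
                findings.append(("success_after_failures", src,
                                 f"user {user} logged in after {failures[src]} failures"))
            if port in PLAINTEXT_PORTS:
                findings.append(("plaintext_login", src,
                                 f"user {user} over {PLAINTEXT_PORTS[port]} (port {port})"))
            if not any(ipaddress.ip_address(src) in net for net in trusted):
                findings.append(("untrusted_source", src,
                                 f"user {user} from outside the management network"))
            continue
        m = CONFIG_RE.search(line)
        # A config change from a source that already tripped the brute-force threshold.
        if m and failures[m["src"]] >= threshold:
            findings.append(("config_change_by_suspect", m["src"],
                             f"configuration changed by {m['user']}"))
    return findings


if __name__ == "__main__":
    for kind, src, detail in analyze(SAMPLE_LOG):
        print(f"{kind:26} {src:15} {detail}")
```

Run against the sample, the script reports five findings, all from 203.0.113.5: the brute-force burst, the success that follows it, the fact that the success arrived over Telnet, that it came from outside the management network, and the configuration change made from that same address. The netops login from inside 10.20.0.0/24 over SSH produces nothing, which is the point: the same log line is benign or alarming depending on what preceded it and which protocol carried it.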
Ready to take it further (and this might take someone with expertise):
- Do not allow unencrypted (plaintext) management protocols to enter your network.
- Where encrypted management protocols such as SSH, HTTPS or TLS are not possible, manage devices from outside your organization only through an encrypted Virtual Private Network (VPN) in which both ends are authenticated.
- Disable legacy unencrypted protocols (e.g. Telnet, FTP) and unnecessary services. Where possible, use modern encrypted protocols such as SSH and SNMPv3.
- Restrict communications with a host-based firewall that denies packets from unwanted hosts.
- Enforce strong password policies, including never reusing the same password across multiple devices, and implement two-factor authentication across your network.
Want to get even more technical yet?
- Apply the principle of least privilege (PoLP): when designing network segments, separate sensitive information and systems with different security requirements from one another.
- Block access to your network devices’ management interfaces from untrusted Internet sources, and restrict device management to a trusted internal host or LAN.
- Implement a VLAN Access Control List (VACL), a filter that controls which traffic may enter or leave a VLAN.
- Segregate standard network traffic from management traffic.
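To show what the management-plane hardening in the two lists above looks like on an actual device, here is an added example (mine, not from the alert or this article) built around a Cisco IOS-style configuration: a weak configuration that allows Telnet on the vty lines, serves plaintext HTTP management, uses the default SNMPv1/v2c community strings and stores passwords reversibly, beside a hardened version that allows only SSH, enables HTTPS, uses SNMPv3 with authentication and privacy, stores password hashes, and restricts vty access to a management ACL. The short audit function flags the weak settings and passes the hardened ones. Both configurations, the MGMT-HOSTS ACL name, the 10.20.0.0/24 management network and the hash values are constructed placeholders.

```python
import re

# Constructed Cisco IOS-style configurations for this example; neither is from a real device.
# The secret/hash values are placeholders, not real hashes.
WEAK_CONFIG = """\
hostname edge-rtr1
enable password Cisco123
username admin password 0 admin
ip http server
snmp-server community public RO
snmp-server community private RW
line vty 0 4
 transport input telnet ssh
 login local
"""

HARDENED_CONFIG = """\
hostname edge-rtr1
enable secret 5 $1$salt$PLACEHOLDERHASHVALUE0000
username netops privilege 15 secret 5 $1$salt$PLACEHOLDERHASHVALUE0001
no ip http server
ip http secure-server
ip access-list standard MGMT-HOSTS
 permit 10.20.0.0 0.0.0.255
 deny any log
snmp-server group NETMON v3 priv
snmp-server user netmon NETMON v3 auth sha PLACEHOLDERAUTH priv aes 128 PLACEHOLDERPRIV
line vty 0 4
 access-class MGMT-HOSTS in
 transport input ssh
 login local
"""

DEFAULT_COMMUNITIES = {"public", "private"}


def parse_sections(config):
    """Split an IOS-style config into its top-level lines and the indented body of each."""
    top, sections, current = [], {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue
        if raw.startswith(" ") and current is not None:
            sections[current].append(raw.strip())
        else:
            current = raw.strip()
            top.append(current)
            sections[current] = []
    return top, sections


def audit(config):
    """Return (finding, offending_line) pairs for the weak settings the checklist targets."""
    findings = []
    top, sections = parse_sections(config)
    for line in top:
        # 'enable password' and 'username ... password' are stored reversibly; 'secret' stores a hash.
        if re.match(r"enable password\b", line):
            findings.append(("reversible_enable_password", line))
        if re.match(r"username \S+ (privilege \d+ )?password\b", line):
            findings.append(("reversible_user_password", line))
        # Plaintext HTTP management server (the hardened config uses 'ip http secure-server').
        if line == "ip http server":
            findings.append(("plaintext_http_mgmt", line))
        # Any v1/v2c community string is unencrypted; the vendor defaults are the worst case.
        m = re.match(r"snmp-server community (\S+) (RO|RW)\b", line)
        if m:
            kind = "default_snmp_community" if m.group(1) in DEFAULT_COMMUNITIES else "snmp_v1v2c_community"
            findings.append((kind, line))
    for header, body in sections.items():
        if not header.startswith("line vty"):
            continue
        transports = set()
        for child in body:
            m = re.match(r"transport input (.+)", child)
            if m:
                transports.update(m.group(1).split())
        # No explicit transport line means the platform default applies, which may include Telnet.
        if not transports or transports & {"telnet", "all"}:
            findings.append(("vty_allows_telnet", header))
        # Without an inbound access-class the management plane is reachable from any source.
        if not any(re.match(r"access-class \S+ in\b", c) for c in body):
            findings.append(("vty_without_access_class", header))
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"{name}: {len(audit(cfg))} finding(s)")
        for kind, where in audit(cfg):
            print(f"  {kind:28} {where}")
```

The weak configuration produces seven findings and the hardened one produces none. The checks are deliberately narrow (a device can still be exposed through other paths, such as a VTY range the script does not see, and the ACL itself must be reviewed), but they map one-to-one onto the bullets above: plaintext management protocols, legacy SNMP, reversible passwords, and management reachable from untrusted sources.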