Blog & Tools

Russians at it again; US, UK warn businesses to do updates

Russian Hacker Cybersecurity Attack Warning

U.S. and British government departments are warning businesses and individuals about a new global cyberattack targeting vulnerable routers and networking equipment across the world.

It’s serious.

The Department of Homeland Security (DHS), FBI and United Kingdom’s Cyber Security Centre believe Russian state-sponsored cybercriminals are behind the attack. [Read the alert.]

“The current state of U.S. network devices—coupled with a Russian government campaign to exploit these devices—threatens the safety, security, and economic well-being of the United States,” the alert states.

How? They’re targeting network devices that are using default passwords or aren’t up to date on software.

It’s a man-in-the-middle attack where the compromised devices can be used as a tool for more malicious activity. The FBI is confident that will include supporting espionage, stealing intellectual property, and gaining and retaining access to networks. Big picture: it all puts the pieces in place for a future attack.

What should you do?

Hackers have always been scanning vulnerable devices, so you must do your part:

  • Monitor your network for intrusions and frequently check your device logs (a history of activity records) for malicious access attempts.
  • Regularly check with vendors for newly identified security vulnerabilities verification and detection and cross-check with your vendors.
  • Download and install software and firmware updates, and patches from trusted sources.

Ready to take it further (and this might take someone with expertise):

  • Do not allow unencrypted (plaintext) management protocols to enter your network.
  • When encrypted protocols such as SSH, HTTPS, or TLS are not possible, management protocols from outside your organization should be done through an encrypted Virtual Private Network (VPN), where both ends are authenticated.
  • Disable legacy unencrypted protocols (e.g. Telnet, FTP) and unnecessary devices. Where possible, use modern encrypted protocols such as SSH and SNMPv3.
  • Restrict communications with host-based firewall to deny flow of packets from unwanted hosts.
  • Enforce strong password polices, including avoid reusing the same password across multiple devices or implement two-factor authentication across your network.

Want to get even more technical yet?

  • Implement Principles of Least Privilege (PoLP), separate sensitive information and security requirements when designing network segments.
  • Block untrusted Internet-source access to your network device management interface and only restrict device management to an internal trusted host or LAN.
  • Implement a VLAN Access Control List, a filter that controls access to and from VLANs.
  • Segregate standard network traffic from management traffic.

?Free Cybersecurity Posters

Posted: April 19, 2018
Topic: Cybersecurity
Type: Blog
Related Posts

You Might Also Like

  1. How businesses can protect themselves from cybercriminals
    Cybercrimes continue to plague businesses large and small as criminals get even more creative about the way they target their victims. In 2021 in the United States, cybercrimes cost the country nearly $7 billion. To discuss this continuing issue
  2. Supply chain shortages drive demand for nimble, creative solutions at SDN
    When supply chain issues threatened to delay a project for a company he was working with, SDN Communications Senior Account Executive Jon Clayborne dug deep and found a temporary fix.
  3. Why your business's cybersecurity culture is like a puppy. Yes, a puppy.
    Telling stories and educating about why cybersecurity is important helps create ownership within the organization.
  4. Security and emergency preparedness take a front seat at SDN
    At SDN Communications, emergencies are carefully planned for, thanks to the company’s Security Committee and its virtual Chief Information Security Officer.