Russian hacker warning: How to protect yourself from network attacks

April 18, 2018

Businesses and governments have been urged to keep their network security up to date following a warning from U.S. and U.K. authorities on the risk of cyber attack from hackers backed by Russia.

The U.S. Department of Homeland Security (DHS), the Federal Bureau of Investigation (FBI), and the U.K.’s National Cyber Security Centre (NCSC) issued an alert over exploits in routers and other internet-connected devices used in homes, small businesses, and large organizations, which are said to be vulnerable to cyber attacks.

The hacking campaign includes breaking into routers and other network devices to carry out man-in-the-middle attacks to support cyber espionage, steal intellectual property, and maintain persistent access in victim networks for use in additional attacks.

A technical alert by the NCSC—the cyber arm of GCHQ—warns that systems including Generic Routing Encapsulation (GRE) enabled devices, Cisco Smart Install (SMI) enabled devices, and those using Simple Network Management Protocol (SNMP) are all vulnerable to exploits.

Millions of these devices around the world are said to have been compromised, with inherently poor security and poor default passwords exploited by the attackers.

The advisory includes details of how to secure Telnet, SNMP, TFTP, and SMI, and Cisco has published a set of best practices to ‘harden devices against cyberattacks targeting network infrastructure’.

Responding to the specific mentions of Smart Install in the alert, Cisco states that the main recommendation for users who don’t need it is to ‘disable the feature using the no vstack command once setup is complete’.

But in the case of customers who need it, Cisco states they can use access control lists to block incoming traffic on TCP port 4786.

“Additionally, patches for known security vulnerabilities should be applied as part of standard network security management,” Cisco adds.
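The two Cisco recommendations above, as an added Cisco IOS configuration example written for this article (it is not taken from Cisco's best-practice document or the alert); the interface name and the director address 192.0.2.10 are assumptions:

```text
! Cisco IOS, constructed example; interface and addresses are placeholders.
!
! Option 1: Smart Install is not needed, so disable the service entirely.
! The weak default is that vstack is left enabled after setup.
configure terminal
 no vstack
end
! Verify: confirm the Smart Install role now reports as disabled.
show vstack config

! Option 2: Smart Install is still needed, so restrict TCP 4786 to the
! director. Only the assumed director address may reach the service;
! every other source is denied and all other traffic passes unchanged.
configure terminal
 ip access-list extended SMI_HARDENING
  permit tcp host 192.0.2.10 any eq 4786
  deny   tcp any any eq 4786
  permit ip any any
 interface GigabitEthernet1/0/1
  ip access-group SMI_HARDENING in
end
! Verify: the hit counter on the deny line shows blocked attempts.
show ip access-lists SMI_HARDENING
```

Apply the access list to every interface that faces untrusted networks, and save the configuration so the change survives a reload.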

However, with home users and small businesses said to be vulnerable to these exploits, there are concerns that these individuals and organizations will remain vulnerable to attacks because the users don’t understand how to secure the devices.

Even the NCSC advisory says the very reason attackers select these devices is they’re known to be vulnerable and are often not patched.

It added that few of these devices run antivirus or security tools and that “manufacturers build and distribute these network devices with exploitable services, which are enabled for ease of installation, operation, and maintenance”.

The report urges manufacturers not to design products to support legacy or unencrypted protocols and to design the devices so that users are required to change the default passwords before using the device.

Those who believe their device has been compromised by tools and techniques discussed in the advisory are urged to report it to law enforcement agencies.

ZDNet has the full story
