Another day, another security scare. A joint statement by the FBI, DHS and UK NCSC has warned that the Russian Government is now actively conducting “malicious cyber activity” with the aim of compromising network infrastructure devices such as switches, firewalls and even home broadband routers.
The “Technical Alert” – TA18-106A – includes further details and notes that the targets of this malicious cyber activity are “primarily government and private-sector organisations, critical infrastructure providers, and the Internet Service Providers (ISPs) supporting these sectors”.
The alert warns that network device vendors, ISPs, public sector organisations, private sector corporations and small-office/home-office (SOHO) customers are the main targets. Apparently Russian “state-sponsored actors” (no.. not bad movie actors) are using compromised routers to conduct “spoofing ‘man-in-the-middle’ attacks to support espionage, extract intellectual property, maintain persistent access to victim networks, and potentially lay a foundation for future offensive operations.”
The notice goes on to state that this activity has been reported to the U.S. and UK governments by “multiple sources”, including private and public-sector cyber security research organisations and allies.
Ciaran Martin, CEO of the UK National Cyber Security Centre, said:
“Russia is our most capable hostile adversary in cyberspace so tackling them is a major priority for the National Cyber Security Centre and our U.S. allies. This is the first time that in attributing a cyber attack to Russia the U.S. and the UK have, at the same time, issued joint advice to industry about how to manage the risks from the attack. It marks an important step in our fight back against state-sponsored aggression in cyberspace.
For over twenty years, GCHQ has been tracking the key Russian cyber attack groups and today’s joint UK-U.S. alert shows that the threat has not gone away. The UK government will continue to work with the U.S., other international allies and industry partners to expose Russia’s unacceptable cyber behaviour, so they are held accountable for their actions.
Many of the techniques used by Russia exploit basic weaknesses in network systems. The NCSC is leading the way globally to automate defences at scale to take away some of those basic attacks, thereby allowing us to focus on the most potent threats.”
In the language of Fear, Uncertainty and Doubt (FUD), we should probably put this into some practical context because, as any experienced IT bod already knows, your computer and networking hardware will come under frequent attack from almost the moment you go online. Often this occurs without you even knowing about it, unless you closely monitor your network traffic.
Most of the time it’s automated botnets that are scanning global IP address ranges for known vulnerabilities to exploit, and on other occasions you’ll simply be passing by an infected web page, clicking a bad email link or installing a dodgy app. As a general rule all of our connected devices are at constant risk, and this is the reason why we all (hopefully) have firewalls, anti-virus and encryption, and should be keeping our systems up-to-date with security patches.
Put another way, individual residential home broadband ISP or mobile internet users are arguably at much greater risk from your common run-of-the-mill hacker types or virus infections. The Russian government is probably the least of your concerns and as always, regardless of who is trying to screw up your online day, the best protection is always a strong defence and up-to-date software/hardware.
If at least they can help to have the proper bandwidth; I pay for “up to” 76 and the top here is a bit more than 50.
Be afraid folks, be afraid….of MI5/GCHQ 🙂
Nice try Russian bot…
I wondered how long it would be until they came out with this verbal diarrhoea
And the propaganda machine rolls on.
Russia this, Russia that… let’s attack Assad on the suspected use of chemical weapons (despite the tactical motive for him to do so… he had all but won the area)… or was it let’s poke Russia via Assad.
It truly seems that they are building opinion for a war with Russia.
Personally… my firewalls and web services see the majority of hacking attempts from China… not Russia.
Careful now…you’ll be accused of being a Russian bot lol
I must agree, most hacking attempts on my server come from China
“let’s attack Assad on the suspected use of chemical weapons (despite the tactical motive for him to do so… he had all but won the area)”
(sighs) That’s how he has repeatedly used CWs. You pound the enemy until you can pound no more then use CW to penetrate the bunkers/positions you can’t breach: (CWs (chemical dependent) sink.) The defenders surrendered immediately after the CW attack.
Chemical weapons???? You mean like various forms of gas our law enforcement and military use, at times on our own people?
Russian Bot automated message…. Ah, but don’t be fooled by the IP info your Routers/Servers are harvesting on suspect attacks. The Russians are using China based Servers via VPNs, Tor and Public Proxies to fool you into thinking they are connecting from China…. Have a nice day 🙂
There are methods to detect if an attack is being proxied… most basic being latency difference between you and their proxy vs them and you.
This is my profession. I’m not an amateur.
Have a nice day also.
I find this really interesting. Could I tell this from my ISP provided Router or would I need a business device to check the basic latency to confirm if I am being attacked from China or Russia?
Considering how slow my connection is, I’d be impressed if they could access it.
Funny, 3 days ago someone used my eBay account to buy various goods and shipped them to Russia…gladly eBay is great with customer service and my money was refunded.
It wasn’t chemical weapons, was it?
If Putin wants to know I have the occasional look at Pornhub then good luck to him.
That’s the most interesting thing that happens on my connection, apart from occasionally posting on here of course.
In the UK we’ve always got to try and paint someone as the bad guy, as the infiltrator trying to drag us down. We’ve been doing it for decades. I’m surprised more people haven’t seen the real threat to the UK people and that is the UK government.
All very interesting:
“Many of the techniques used by Russia exploit basic weaknesses in network systems”
Now what does this mean? PGP back in the 90’s when exported outside the USA/Canada with back-doors, Cisco equipment with “government only” back-doors among other companies
Let’s not forget the NSA that lost its “SMB” zero day exploit and someone added ransomware to it taking down the NHS and other systems everywhere
Just to end with, let’s not forget the “Home Office” and the “FBI” wanting a “government only” decryption key for everything that will be totally safe, yeah right!
Yes Russia and others are using Cyber attacks, that’s not new but when they give statements let’s not forget there are some normal vulnerabilities and always will be, but what about the “added extras” you also have and last the amount of “sensitive” data companies like TalkTalk hold on people and then lose it or Facebook………where is the actual risk from, I get lost as the UK and US governments are collecting everything anyway, where’s that going?
Oh I almost forgot how about the CPU bugs and talking about bugs, cellphone anyone?
Have a nice day