The threat of cyber-attacks supported by the Russian state is looming larger than ever. All UK organisations, therefore, need to be on their guard and to make sure their security is watertight.
Official law enforcement agencies and cyber security specialists have alerted governments and private companies worldwide about an ongoing hacking campaign thought to be state sponsored. Its objective is to compromise network infrastructures using a wide range of methods.
The campaign’s purpose is to support espionage and steal intellectual property to further Russia’s national security and economic goals.
The UK’s National Cyber Security Centre (NCSC) has issued an advisory document about the threat and what to do to protect your organisation.
It’s not just governments and major corporations that need to worry. Smaller companies across Sussex, Surrey, Hampshire and Kent are also in the front line.
Beware the innocent-sounding email that flatters your ego and asks you to connect with someone you’ve never heard of. Or the official-looking rebate letter from the tax office. Or an unexpected request to reset the password for one of your accounts. Treat all of these as suspect until you have checked them through a channel you already trust, such as the organisation’s published phone number or its website typed in by hand.
The easiest targets for these hackers are network devices, particularly residential-class routers and small-office equipment, that are still running the default settings and passwords they shipped with and have had no additional security configured by their owners.
Gary Jowett, from Computer & Network Consultants in Brighton, says: “The first step these hackers take is to find security weaknesses that can be exploited via the internet. They conduct both wide-scale and targeted scanning of internet addresses to discover vulnerable network infrastructures. Protocols they’ve targeted include TCP port 23, HTTP port 80, SNMP ports 161 and 162 and Cisco SMI port 4786.
“They also use specially-crafted SNMP and SMI packets that trigger any scanned device to send its configuration file back to them. Even if a network is blocking access to external traffic at its boundary, the hackers can still ‘spoof’ the source address to make it appear it’s coming from inside the same network.”
The NCSC offers extensive advice about how to guard against these hackers, including specific steps for manufacturers, security vendors and internet service providers.
For everyone, the headline advice is:
• Don’t allow unencrypted management protocols to enter your organisation from the internet
• Don’t allow internet access to the management interface of any network device
• Disable legacy unencrypted protocols such as Telnet and SNMPv1
• Immediately change default passwords and enforce a strong password policy
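As an added worked example (not from the article, the NCSC advisory or Computer & Network Consultants), the Python script below audits a Cisco IOS-style running-config against the four headline items above, plus the Smart Install service on TCP port 4786 that the scanning described earlier targets. Both configs are constructed for this example, and the command names the checks look for (`transport input`, `ip http server`, `snmp-server community`, `no vstack`, `access-class`) are this example’s assumptions about typical IOS syntax; confirm them against your own vendor’s documentation before relying on the result.

```python
"""Audit an IOS-style running-config against the NCSC headline advice.

Added example for this article. The two configs below are constructed
(no real device), and the command syntax the checks assume is typical
Cisco IOS; adapt the patterns for other vendors.
"""
import re

# Credentials and community strings that attackers try first (assumed list).
COMMON_DEFAULTS = {"cisco", "admin", "password", "public", "private", "default", "changeme"}

# Constructed weak config: Telnet, HTTP, SNMPv1/v2c, default passwords, open vty.
WEAK_CONFIG = """\
hostname branch-rtr
enable password cisco
username admin password admin
ip http server
no ip http secure-server
snmp-server community public RO
snmp-server community private RW
line vty 0 4
 transport input telnet ssh
 login local
"""

# Constructed hardened config following the four headline items.
HARDENED_CONFIG = """\
hostname branch-rtr
service password-encryption
enable secret 9 $9$examplehash
username netops secret 9 $9$examplehash
no ip http server
ip http secure-server
no vstack
snmp-server group secops v3 priv
access-list 10 permit 10.0.0.0 0.0.0.255
line vty 0 4
 access-class 10 in
 transport input ssh
 login local
"""


def _vty_blocks(config):
    """Return the indented child commands of every 'line vty ...' block."""
    blocks, current = [], None
    for raw in config.splitlines():
        if raw.startswith("line vty"):
            current = []
            blocks.append(current)
        elif raw.startswith(" ") and current is not None:
            current.append(raw.strip())
        else:
            current = None  # any other top-level command ends the block
    return blocks


def audit_config(config):
    """Return a list of (category, detail) findings; empty means no issue found."""
    findings = []
    lines = [l.strip() for l in config.splitlines()]

    # Items 2 and 3: management interface exposure and Telnet on the vty lines.
    for block in _vty_blocks(config):
        for cmd in block:
            if cmd.startswith("transport input") and re.search(r"\b(telnet|all)\b", cmd):
                findings.append(("telnet", f"vty transport permits Telnet: {cmd}"))
        if not any(c.startswith("access-class") and c.endswith(" in") for c in block):
            findings.append(("mgmt-exposure", "vty lines have no inbound access-class"))

    # Item 1: unencrypted management protocol (HTTP on TCP 80) reachable.
    if "ip http server" in lines:
        findings.append(("http", "plaintext HTTP management server enabled"))

    # Smart Install (TCP 4786) is only off when explicitly disabled.
    if "no vstack" not in lines:
        findings.append(("smi", "Smart Install not explicitly disabled ('no vstack' missing)"))

    for l in lines:
        # Item 3: any community string means SNMPv1/v2c, which has no encryption.
        m = re.match(r"snmp-server community (\S+)", l)
        if m:
            detail = f"v1/v2c community string: {m.group(1)}"
            if m.group(1).lower() in COMMON_DEFAULTS:
                detail += " (common default)"
            findings.append(("snmp", detail))

        # Item 4: 'password' is reversible storage; 'secret' is a one-way hash.
        m = re.match(r"(?:enable|username \S+) password(?: (\d+))? (\S+)$", l)
        if m:
            ptype, value = m.group(1), m.group(2)
            findings.append(("password", f"reversible 'password' keyword; use 'secret': {l}"))
            if ptype in (None, "0") and value.lower() in COMMON_DEFAULTS:
                findings.append(("password", f"common default credential: {l}"))
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"== {name} config: {len(audit_config(cfg))} finding(s)")
        for category, detail in audit_config(cfg):
            print(f"  [{category}] {detail}")
```

The checks are deliberately conservative: a config that never mentions `vstack` is reported, because on affected platforms Smart Install is on unless switched off, and every `snmp-server community` line is reported regardless of its string, since the weakness is the protocol version rather than the secret. Run the same audit against a configuration pulled from each device (for example over SSH with `show running-config`) and treat any finding as a task for that device’s change window.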
Gary says: “Once these attackers are armed with legitimate credentials they can literally take a leisurely cyber ‘walk’ around your network, just as if they were strolling past your desk in your office. Fundamentally, the organisations most at risk are those that permit default or commonly-used passwords and have weak password policies.”