
Guard against Russian cyber threat

The threat of cyber-attacks supported by the Russian state is looming larger than ever. All UK organisations, therefore, need to be on their guard and to make sure their security is watertight.

Official law enforcement agencies and cyber security specialists have alerted governments and private companies worldwide about an ongoing hacking campaign thought to be state sponsored. Its objective is to compromise network infrastructures using a wide range of methods.

The campaign’s purpose is to support espionage and steal intellectual property to further Russia’s national security and economic goals.

NCSC advice

The UK’s National Cyber Security Centre (NCSC) has issued an advisory document about the threat and what to do to protect your organisation.

It’s not just governments and major corporations that need to worry. Smaller companies across Sussex, Surrey, Hampshire and Kent are also in the front line.

Beware the innocent-sounding email that flatters your ego and asks you to connect with someone you’ve never heard of. Or the official-looking rebate letter from the tax office. Or any request to reset your password for a particular account. All of these are almost certainly bogus.

Soft targets

Easy targets for these hackers are network devices such as residential-class routers, and devices that have had no enhanced security added by the user and still use the same default settings as when they were first issued.

Gary Jowett, from Computer & Network Consultants in Brighton, says: “The first step these hackers take is to find security weaknesses that can be exploited via the internet. They conduct both wide-scale and targeted scanning of internet addresses to discover vulnerable network infrastructures. Protocols they’ve targeted include TCP port 23, HTTP port 80, SNMP ports 161 and 162 and Cisco SMI port 4786.

“They also use specially-crafted SNMP and SMI packets that trigger any scanned device to send its configuration file back to them. Even if a network is blocking access to external traffic at its boundary, the hackers can still ‘spoof’ the source address to make it appear it’s coming from inside the same network.”

The NCSC offers extensive advice about how to guard against these hackers, including specific steps for manufacturers, security vendors and internet service providers.

For everyone the headline advice is:

• Don’t allow unencrypted management protocols to enter your organisation from the internet
• Don’t allow internet access to the management interface of any network device
• Disable legacy unencrypted protocols such as Telnet and SNMPv1
• Immediately change default passwords and enforce a strong password policy
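
The headline advice can be checked against a device's saved configuration. The following is an added example, not code from the NCSC advisory or from CNC: it assumes Cisco IOS-style configuration syntax, and the sample config, the function name audit_config and the finding labels are constructed for illustration. It also assumes Smart Install is on unless a `no vstack` line is present, which over-reports on platforms without that feature.

```python
import re

# Constructed sample: an IOS-style running-config excerpt, not from a real device.
SAMPLE_CONFIG = """\
hostname edge-sw1
ip http server
snmp-server community public RO
snmp-server community Xk29vQ RW
snmp-server group ADMINS v3 priv
line vty 0 4
 transport input telnet ssh
line vty 5 15
 transport input ssh
"""

DEFAULT_COMMUNITIES = {"public", "private"}  # well-known default strings


def audit_config(text):
    """Return a sorted list of (check_id, detail) findings for one config."""
    findings = []
    lines = text.splitlines()
    section = None  # the 'line vty ...' block currently being read, if any
    for raw in lines:
        line = raw.strip()
        if not raw.startswith(" "):
            section = line if line.startswith("line vty") else None
        # Telnet accepted on a vty line (TCP 23)
        m = re.match(r"transport input (.+)", line)
        if section and m and {"telnet", "all"} & set(m.group(1).split()):
            findings.append(("TELNET", section))
        # A community string means SNMPv1/v2c, which is unencrypted (UDP 161/162)
        m = re.match(r"snmp-server community (\S+)", line)
        if m:
            if m.group(1).lower() in DEFAULT_COMMUNITIES:
                findings.append(("SNMP_DEFAULT", m.group(1)))
            else:
                findings.append(("SNMP_CLEARTEXT", "(non-default)"))
        # Plain-HTTP management interface (TCP 80)
        if line == "ip http server":
            findings.append(("HTTP_MGMT", line))
    # Smart Install (TCP 4786): assumption - treated as on unless disabled
    if not any(l.strip() == "no vstack" for l in lines):
        findings.append(("SMART_INSTALL", "no 'no vstack' line found"))
    return sorted(findings)
```

A clean result here only covers what the configuration file states; whether those ports are reachable from the internet still has to be confirmed at the network boundary.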

Gary says: “Once these attackers are armed with legitimate credentials they can literally take a leisurely cyber ‘walk’ around your network. Just as if they were strolling past your desk in your office. Fundamentally, the organisations most at risk are those that permit default or commonly-used passwords and have weak password policies.”


25th May 2018 | CNC News
