Guard against Russian cyber threat

25th May 2018 | Modified: 19th December 2022

The threat of cyber-attacks supported by the Russian state is looming larger than ever. All UK organisations, therefore, need to be on their guard and to make sure their security is watertight.

Official law enforcement agencies and cyber security specialists have alerted governments and private companies worldwide about an ongoing hacking campaign thought to be state sponsored. Its objective is to compromise network infrastructures using a wide range of methods.

The campaign’s purpose is to support espionage and steal intellectual property to further Russia’s national security and economic goals.

NCSC advice

The UK’s National Cyber Security Centre (NCSC) has issued an advisory document about the threat and what to do to protect your organisation.

It’s not just governments and major corporations that need to worry. Smaller companies across Sussex, Surrey, Hampshire and Kent are also in the front line.

Beware the innocent-sounding email that flatters your ego and asks you to connect with someone you’ve never heard of. Or the official-looking rebate letter from the tax office. Or any request to reset your password for a particular account. All of these are almost certainly bogus.

Soft targets

Easy targets for these hackers are network devices such as residential-class routers, and devices that have had no enhanced security added by the user and still run the default settings they were first issued with.

Gary Jowett, from Computer & Network Consultants in Brighton, says: “The first step these hackers take is to find security weaknesses that can be exploited via the internet. They conduct both wide-scale and targeted scanning of internet addresses to discover vulnerable network infrastructures. Protocols they’ve targeted include TCP port 23, HTTP port 80, SNMP ports 161 and 162 and Cisco SMI port 4786.

“They also use specially-crafted SNMP and SMI packets that trigger any scanned device to send its configuration file back to them. Even if a network is blocking access to external traffic at its boundary, the hackers can still ‘spoof’ the source address to make it appear it’s coming from inside the same network.”

The NCSC offers extensive advice about how to guard against these hackers, including specific steps for manufacturers, security vendors and internet service providers.

For everyone the headline advice is:

• Don’t allow unencrypted management protocols to enter your organisation from the internet
• Don’t allow internet access to the management interface of any network device
• Disable legacy unencrypted protocols such as Telnet and SNMPv1
• Immediately change default passwords and enforce a strong password policy
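
As an added illustration (not taken from the NCSC advisory or from this article), the short Python audit below checks an ordered, first-match list of inbound rules on the internet-facing interface against the ports named above, probing each one with an outside source and with a spoofed internal source. The rule format, the 10.0.0.0/8 internal range, the 198.51.100.7 outside address and both sample rule sets are constructed assumptions.

```python
import ipaddress

# Management services named in the article. The TCP/UDP split for SNMP and SMI
# is the standard assignment, not something the article states.
MGMT_PORTS = {
    ("tcp", 23): "Telnet",
    ("tcp", 80): "HTTP",
    ("udp", 161): "SNMP",
    ("udp", 162): "SNMP trap",
    ("tcp", 4786): "Cisco SMI",
}

def first_match(rules, src_ip, proto, port, default="deny"):
    """Evaluate an ordered rule list the way a first-match packet filter does."""
    addr = ipaddress.ip_address(src_ip)
    for r in rules:
        if (addr in ipaddress.ip_network(r["src"])
                and r["proto"] in (proto, "any")
                and r["port"] in (port, "any")):
            return r["action"]
    return default

def audit(rules, internal_net, outside_ip):
    """Return (service, port, source kind) for every management port let through."""
    spoofed_ip = str(next(iter(ipaddress.ip_network(internal_net).hosts())))
    findings = []
    for (proto, port), name in MGMT_PORTS.items():
        for kind, src in (("internet", outside_ip), ("spoofed-internal", spoofed_ip)):
            if first_match(rules, src, proto, port) == "allow":
                findings.append((name, port, kind))
    return findings

# Constructed sample rule sets (hypothetical format), inbound on the external interface.
WEAK = [
    {"src": "10.0.0.0/8", "proto": "any", "port": "any", "action": "allow"},  # trusts "inside" sources
    {"src": "0.0.0.0/0", "proto": "tcp", "port": 23, "action": "allow"},      # Telnet from anywhere
    {"src": "0.0.0.0/0", "proto": "tcp", "port": 443, "action": "allow"},
]
HARDENED = [
    {"src": "10.0.0.0/8", "proto": "any", "port": "any", "action": "deny"},   # anti-spoofing drop
    {"src": "0.0.0.0/0", "proto": "tcp", "port": 443, "action": "allow"},
]

if __name__ == "__main__":
    for label, rules in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit(rules, "10.0.0.0/8", "198.51.100.7"))
```

In the weak set, the rule that trusts internal source addresses on the external interface exposes every management port to spoofed traffic, even though only Telnet is explicitly opened to the internet.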

Gary says: “Once these attackers are armed with legitimate credentials they can literally take a leisurely cyber ‘walk’ around your network. Just as if they were strolling past your desk in your office. Fundamentally, the organisations most at risk are those that permit default or commonly-used passwords and have weak password policies.”

By Gary

Gary has always focused on making sure the most appropriate solution is provided to help customers, not just what's new and shiny. With over 30 years in the IT industry Gary has the experience to tell the difference between something that's game-changing or is just a passing fad!