Intelligence agencies from the UK and US have warned of a “broad campaign” underway by state-sponsored Russian hackers to take control of networking hardware.
A joint alert warning of the dangers of state-sponsored Russian hackers was issued by the US Department of Homeland Security, the FBI, and the UK’s National Cyber Security Centre. The alert also details some of the methods hacking groups can use to interfere with networking hardware.
This networking hardware includes routers and firewalls, used by both big businesses and individual consumers in their homes. The targets could include millions of devices worldwide, and the attempt to access and control them is thought to be an ongoing campaign.
Can the attack be defended?
The joint technical alert issued by the agencies gives some information on how the attackers are targeting network infrastructure, along with guidance for device vendors, internet service providers, public sector organisations, private companies and home users on how to identify and combat malicious activity.
The alert explains that Russian cyber actors can modify or deny traffic travelling through network infrastructure, without installing any new software on these devices. Instead, they can take advantage of existing vulnerabilities, including:
- Legacy unencrypted protocols;
- Legacy unauthenticated services;
- Insufficient hardening of devices before installation; and
- Lack of security patches or support of end-of-life devices by manufacturers or vendors.
Alongside these vulnerabilities, there are other factors which make network hardware devices such as routers easy targets for cyberattacks. Following installation, network devices are often not maintained at the same level as other types of hardware, which compounds this vulnerability.
What has the US said about Russian cyberattacks?
The US and the UK have already formally accused Russia of the NotPetya spyware attack which took place last summer. Tensions between Russia and the West have escalated in recent weeks with the poisoning attack on former Russian spy Sergei Skripal in the UK, and recent military intervention by the UK and the US in Syria.
The US government’s outgoing cyber security coordinator, Rob Joyce, said that the US would continue to resist attempts by state-sponsored Russian hackers to undertake attacks: “When we see malicious cyber activity, whether it be from the Kremlin or other malicious nation-state actors, we are going to push back.”