US/UK warn Russia to hack into global routers
On Monday, the British and American intelligence agencies issued another warning about potential cyber threats related to Russia. The special task force stated that this group of hackers has received the support of the Russian government in order to hijack the global router and may have achieved a certain degree of success. Attack targets include Internet service providers, governments, small businesses, and SOHO. The United States Computer Emergency Readiness Team (CERT) issued a warning that hackers appear to be trying to take over the network infrastructure.
A team of joint security experts from the US Department of Homeland Security (DHS), FBI, and the National Cyber Security Centre (NCSC) in the United Kingdom have discovered that they have enabled Generic Routing Encapsulation (GRA) on devices in certain countries, Cisco Smart Install (SMI), and Simple Network Management Protocol (SNMP). Forbes reports that Rob Joyce, special assistant to the president and cybersecurity coordinator at the National Security Council briefed the media ahead of the announcement stating with “high confidence” that Russia was behind the attacks.
Ciaran Martin, director of the NCSC in the UK, added that the attack dates back a year ago and does not rule out that Russia may try to use this hacked infrastructure to initiate further operations.
The CERT report points out that as a means of executing a man-in-the-middle attack, hackers intend to penetrate routers, switches, firewalls, and network intrusion detection systems.
Attack vectors used by hackers are old or vulnerable protocols related to network management on ports. According to the researchers, the attacker exploited the following flaws:
- devices with legacy unencrypted protocols or unauthenticated services,
- devices insufficiently hardened before installation, and
- devices no longer supported with security patches by manufacturers or vendors (end-of-life devices).
For more information on this report, please also visit the CERT website.
Source: TechSpot
