The National Cyber Security Centre (NCSC), FBI and US Department of Homeland Security (DHS) have issued a joint statement accusing Russia of an on-going hacking campaign.
The ‘Technical Alert’ warns that the Russian Government has been targeting primarily government and private-sector organisations, critical infrastructure providers, and the internet service providers (ISPs) supporting these sectors.
According to the alert, the malicious activity has been directed at network infrastructure devices worldwide, including “routers, switches, firewalls, and the Network Intrusion Detection System (NIDS).”
The statement recommends “network device vendors, ISPs, public sector organisations, private sector corporations and small-office/home-office customers should read the alert (TA18-106A) and act on the recommended mitigation strategies.”
“Russian state-sponsored actors are using compromised routers to conduct spoofing ‘man-in-the-middle’ attacks to support espionage, extract intellectual property, maintain persistent access to victim networks, and potentially lay a foundation for future offensive operations,” the statement explained.
“Multiple sources, including private and public-sector cyber security research organisations and allies, have reported this activity to the US and UK governments.”
Jeanette Manfra, National Protection and Programs Directorate (NPPD) Assistant Secretary for Cybersecurity and Communications, said: “Russian government activities continue to threaten our respective safety, security, and the very integrity of our cyber ecosystem. We condemn this latest activity in the strongest possible terms and we will not accept nor tolerate any malign foreign cyber operations, intrusions, or compromises—to include influence operations. We call on all responsible nations to use their resources—including diplomatic, law enforcement, technical, and other means—to address the Russian cyber threat.
Through information sharing programs like Automated Indicator Sharing (AIS), we are building the capacity for collective defence to minimise threats between US and UK network devices. While DHS cannot protect every network at all times, we can ensure that we are all collectively empowered to secure our networks through government and industry working together.
Cyber security is a shared responsibility, and we understand that identifying a threat in one organisation’s network can prevent an attack in another. Today’s joint Technical Alert is an example of how we are working with allies and partners to prevent cyber actors from impacting critical infrastructure to the fullest extent possible. Although this is the first time the NCSC is included as an author in a DHS and FBI joint product, our collaborative work has proved useful and effective in response to previous cyber related events. I look forward to continuing this important partnership as we work against these threats.”
Howard Marshall, FBI Deputy Assistant Director said: “The activity highlighted today is part of a repeated pattern of disruptive and harmful malicious cyber action carried out by the Russian government.
As long as this type of activity continues, the FBI will be there to investigate, identify and unmask the perpetrators, in this case, the Russian government. The joint Technical Alert released today underscores our commitment to working with our partners, both at home and abroad, to combat malicious cyber activity and hold those responsible accountable. We do not make this attribution lightly and will hold steadfast with our partners.”
Ciaran Martin, CEO of the National Cyber Security Centre said: “Russia is our most capable hostile adversary in cyberspace so tackling them is a major priority for the National Cyber Security Centre and our US allies. This is the first time that in attributing a cyber attack to Russia the US and the UK have, at the same time, issued joint advice to industry about how to manage the risks from the attack. It marks an important step in our fight back against state-sponsored aggression in cyberspace.
For over twenty years, GCHQ has been tracking the key Russian cyber attack groups and today’s joint UK-US alert shows that the threat has not gone away. The UK government will continue to work with the US, other international allies and industry partners to expose Russia’s unacceptable cyber behaviour, so they are held accountable for their actions.
Many of the techniques used by Russia exploit basic weaknesses in network systems. The NCSC is leading the way globally to automate defences at scale to take away some of those basic attacks, thereby allowing us to focus on the most potent threats.”
Development of cyberweapons for computer espionage and attacks
According to Simon Townsend, CTO, EMEA at Ivanti, nation-state hackers are increasingly using powerful and sophisticated techniques to target not just government institutions but also businesses, with the intent to destabilise, disrupt and leak confidential information.
“More than 60 countries, including Russia and the UK, have developed or are developing cyber weapons for computer espionage and attacks. It’s driving a form of cyber cold war, where governments continue to attempt to outpace one another with a growing arsenal of cyber weapons and cyber defence strategies, as the last week’s headlines have shown. And the common cybercriminal is learning quickly from these more ‘military-grade’ cyber weapons, causing the gap between nation-state attacks and other forms of cybercrime to close quickly.
It has also been predicted that the frequency and impact of these nation-state cyberattacks will grow, with greater coordination in the works as well, such as an attack on a power grid during a blizzard or extreme cold conditions. To defend against these attacks, any organisation with sensitive information or valuable IP needs to remain vigilant.”
Townsend said companies need to know what kind of information is stored on their systems and passing through their networks: “They need to consider the origin of vendors they do business with, and carefully vet any new technology that they acquire from companies based in the nations that pose the greatest threats. They need to isolate internal networks from the Internet if access isn’t required. They need to diligently deploy cybersecurity defence-in-depth best practices in order to know exactly what is going on in their environment, and to reduce their attack surface, detect attacks that do get through, and take rapid action to contain malicious activity and vulnerabilities. Part of this is having an army of well-trained employees to bring an extra layer of defence.
Finally, organisations should share any knowledge if they have insight into a cyber threat, whether they’ve been attacked or targeted by a failed threat. The more insight we all have on new threat trends and vulnerabilities that may be exploited, the better all organisations can be in defending against the potential of a nation-state attack.”