Joint Technical Alert and How to Protect Your Data
The joint Technical Alert (TA18-106A) released April 16th, 2018 by the United States Computer Emergency Readiness Team (US-CERT) reports that government-backed Russian hackers are using compromised routers and other network infrastructure to conduct espionage and potentially lay the groundwork for future offensive cyber operations.
According to the Department of Homeland Security (DHS), the Federal Bureau of Investigation (FBI), and the United Kingdom’s National Cyber Security Centre (NCSC), the cyber attacks target government, the private sector and critical infrastructure, as well as the Internet Service Providers (ISPs) providing support to these sectors, with attacks across the globe on network infrastructure devices including routers, switches, firewalls and Network Intrusion Detection Systems (NIDS).
The alert urges network device vendors, ISPs, public sector organisations and private corporations of all sizes to read it and act on the recommended mitigation strategies.
General Mitigation Strategies
- Do not allow unencrypted (i.e., plaintext) management protocols (e.g. Telnet) to enter an organization from the Internet. Management activities from outside the organization should be done through an encrypted Virtual Private Network (VPN) where both ends are mutually authenticated.
- Do not allow Internet access to the management interface of any network device.
- Disable legacy unencrypted protocols such as Telnet and SNMPv1 or v2c, and use modern encrypted protocols such as SSH and SNMPv3. Harden the encrypted protocols based on current best security practice.
- Immediately change default passwords and enforce a strong password policy.
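As an added example (not part of the alert or of this article), the following Python script checks a device configuration for three of the items above: Telnet on management lines, SNMPv1/v2c community strings, and default passwords. It assumes Cisco IOS-style syntax; the sample configuration, the rule names and the list of default secrets are constructed for illustration.

```python
import re

# Constructed sample in Cisco IOS-style syntax (assumed for illustration).
SAMPLE_CONFIG = """\
hostname edge-rtr-01
username admin password 0 cisco
username netops secret 9 $9$constructedhashvalue
snmp-server community public RO
snmp-server group NETOPS v3 priv
line vty 0 4
 transport input telnet ssh
line vty 5 15
 transport input ssh
"""

# Illustrative list of default-style secrets, not an exhaustive one.
DEFAULT_SECRETS = {"cisco", "admin", "password", "public", "private"}
USER_RE = re.compile(r"^username (\S+) (?:password|secret) (?:(\d+) )?(\S+)$")
SNMP_RE = re.compile(r"^snmp-server community (\S+)")


def audit_config(text):
    """Return (line_number, rule, line) for each setting the list above warns about."""
    findings = []
    in_vty = False
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if raw and not raw[0].isspace():
            in_vty = line.startswith("line vty")  # new top-level section
        if in_vty and line.startswith("transport input"):
            protocols = line.split()[2:]
            if "telnet" in protocols or "all" in protocols:
                findings.append((number, "TELNET_ENABLED", line))
        snmp = SNMP_RE.match(line)
        if snmp:
            # Community strings exist only in SNMPv1/v2c and travel in plaintext.
            findings.append((number, "SNMP_V1_V2C", line))
            if snmp.group(1).lower() in DEFAULT_SECRETS:
                findings.append((number, "DEFAULT_CREDENTIAL", line))
        user = USER_RE.match(line)
        if user and user.group(2) in (None, "0"):
            # Type 0 (or no type) means the value is stored as typed.
            if user.group(3).lower() in DEFAULT_SECRETS:
                findings.append((number, "DEFAULT_CREDENTIAL", line))
    return findings

if __name__ == "__main__":
    for number, rule, line in audit_config(SAMPLE_CONFIG):
        print(f"line {number}: {rule}: {line}")
```

Whether the management interface is reachable from the Internet depends on access lists and upstream filtering, so that item is not covered by a single-file check like this one.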
For more information regarding cyber security or insurance regarding data loss, please contact us. For further information, including detailed mitigation strategies and further recommendations from the Department of Homeland Security, visit the sources below.