The U.S. Department of Homeland Security’s Computer Emergency Readiness Team (US-CERT) has recently warned that Russian cyber teams have been infiltrating home and small business networks, compromising routers, switches, and firewalls by means of virus-corrupted software and by abusing protocols such as:
- Generic Routing Encapsulation (GRE)
- Cisco Smart Install (SMI)
- Simple Network Management Protocol (SNMP)
- Network-based Intrusion Detection System (IDS)
In its warning, US-CERT says the FBI has “high confidence” that Russian state-sponsored cyber actors are using compromised routers to conduct man-in-the-middle attacks to support espionage, extract intellectual property, maintain persistent access to victim networks, and potentially lay a foundation for future offensive operations.
What methods are the Russian cyber teams using?
In an interview with NPR, Jeanette Manfra, the Department of Homeland Security’s cybersecurity chief, warned that one technique they are using to compromise security is spoofing. “It allows an actor to pretend that they’re the computer or the device that you think you’re talking to, so they get into the middle of a connection between two different devices, and they can spy on the traffic that is going back and forth, they can manipulate the traffic,” she says.
Targets of the attacks were described as “primarily government and private-sector organizations, critical infrastructure providers, and the Internet service providers (ISPs) supporting these sectors.”
A variety of access methods are being used in the attacks:
- Spear-phishing emails from a compromised legitimate account
- Watering-hole domains (infecting websites the target is known to visit)
- Credential gathering
- Open-source and network reconnaissance
What actions should a small business take?
- Look for the brand name of your network devices (for instance, your router), and write down the make and model of each device.
- Contact your support service: if an individual or company provides your network support or maintains your network, check with them first.
- Seek instructions on the website of your network infrastructure device’s vendor: vendors of routers and switches are publishing guidance specific to the make and model of their network devices. Download the instructions or updates they provide.