o-one is too unimportant to be targeted by Russia-backed, state-sponsored hackers. While that may be good for the self-esteem, it's bad news for online security — enough so that this week US and UK authorities teamed up to issue a joint warning about communications infrastructure, including home-office routers.
The rare joint alert noted that routers, switches, firewalls and network intrusion detection systems at government and businesses were the main targets of Russian hackers, but it added that even "small-office/home-office customers" should take more protective action, as should Internet Service Providers (ISPs) and and those developing infrastructure.
The attacks target routers and the protective hardware around them, with Russia-sponsored hackers accused of running "man-in-the-middle" attacks for to spy, steal intellectual property, and "potentially lay a foundation for future offensive operations", the alert reads. The FBI, Department of Homeland Security and the UK's National Cyber Security Centre (NCSC) noted that multiple cyber security research groups have reported such activity since 2015.
"This is not something new, and is not something that has developed in response to Salisbury and Syria," said Keir Giles, a senior consulting fellow of the Russia and Eurasia Programme at thinktank Chatham House. "But it's something that is entirely consistent with how Russia thinks about information warfare." That includes standard cyber attacks as well as "targeting of mass consciousness and public opinion".
Routers are a weak point in security because they're frequently left unpatched, have legacy unencrypted protocols, or weak default settings for easy installation — indeed, the technical alert notes that "Russian cyber actors do not need to leverage zero-day vulnerabilities or install malware to exploit these devices." In short, they don't need to be sophisticated. Pair that with the fact most traffic goes through routers and other networking equipment, and that makes them "ideal targets", the alert notes.
Another infamous security weak point noted by the technical alert is the Internet of Things (IoT), such as the smart devices scattered about our homes. Ciaran Martin, CEO of the NCSC, told the New York Times that Russia had targeted "millions" of connected devices in the UK and US, including IoT gadgets. "One of the things with the Internet of Things is it needs to be cheap and easy to use, and one of the ways to do that is take out security," says professor Alastair Irons, academic dean for the faculty of computer science at the University of Sunderland. "In theory, these IoT devices could be weaponised… to disrupt and disable networks and infrastructure."
this new source in www.wired.co.uk
No comments:
Post a Comment