
From Russia With Very Little Love

The Tech Lab, April 17, 2018 (updated October 20th, 2020)

In October 2017, I wrote an extensive post about the KRACK cybersecurity threat against home and business Wi-Fi routers. It appears this particular threat has run its course, although vulnerable routers still exist all around the world. If your IT team updated your business routers, or if you did so on your home network, congratulations. You care a lot about the security of your business and personal data, and you’ve helped prevent your own networking devices from becoming proxies in a worldwide network of bad actors who want to disrupt your business, undermine the economic security of our country and find holes in the inter-connected world in which we live.

However, the threat has not ended completely. In fact, it has morphed into an even more severe threat with a single source of attack: Russia. A lot has been written in the press and spoken by pundits over the last few months about an escalation in words, sanctions and threats of reprisals between the United States and Russia. Most of us just assume these are inter-governmental disputes that will somehow get worked out by diplomats. And, hopefully, that is the case.

In the meantime, the Russian bear is not in hibernation. According to a joint announcement by the US Department of Homeland Security, the FBI and the U.K.’s National Cyber Security Centre, Russia is the source of an elevated level of recent attacks against routers, network switches and security firewalls. The pattern of these attacks suggests Russian state-sanctioned actors are laying the groundwork for what could evolve into a coordinated penetration of corporate enterprises, as well as attempts against vital infrastructure targets and small businesses.

The Russian campaign ‘threatens our respective safety, security and economic well-being,’ according to these three agencies.

If you can imagine a bee hive with a central queen serviced by thousands of worker bees that fly out of the nest each day to serve and protect the hive, you can then easily picture Russian hackers who send out thousands, hundreds of thousands or millions of bots each day looking for vulnerabilities in the equipment hanging off your IP address at your business or your home. These pre-programmed bots either use brute force attacks against the router, switch and firewall hardware/software you may have on your network, or use more complex attacks such as phishing emails with innocent-looking links that download malware onto your network or create backdoors into your systems. Those backdoors let the bad actors lie in wait for a signal from the central “bee” to hack, download or destroy data on computers and storage drives attached to your network.

Are You Helpless in Protecting Your Digital Assets?

In short, no. You are not without defensive measures you can deploy in your company. All it takes is for you and your team to get serious about these threats, whether they are vectored from Russia or a nearby high school’s computer lab. Inoculation starts with some relatively simple rules of the road which need to be followed by everyone in your organization.

If you have full-time information technology assistance handled by someone with a good grasp of cybersecurity tools, or even part-time support from a third-party company, you are taking the first steps in strengthening your company’s resistance to attacks. Most importantly, everyone who has computer access to your network, either wired or wireless, needs to be educated on the threats and they should follow a company policy that is shared with everyone in your company.

Hackers look for the weak links in your network, and those are often “guessable” passwords that you KNOW are not safe but which you use anyway because “I won’t forget them.” Well, you may not forget them, but you will regret what happens when a hacker easily cracks your password. Passwords are ranked based on the ease with which they can be hacked through brute force attacks. Let’s say your User Name is “admin” and you use “12345” as your password. Don’t laugh…it happens every day. Through previous hacks, bad actors share long lists of user credentials on the dark web and then program bots to seek out networking equipment and keep guessing user access credentials (UACs) until they are blocked, if the security software is configured to block IP addresses after too many failed attempts.
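The blocking behaviour described above is something you can check for in your own logs. The following is an added example, not code from the original post: it parses a handful of constructed, syslog-style login records (the format, the timestamps and the addresses 203.0.113.10 and 198.51.100.7 are all assumptions made for the illustration) and flags any source address that racks up a threshold number of failed logins inside a sliding time window, which is exactly the rule a lockout feature would enforce. A staff member who mistypes once and then logs in is left alone; a bot cycling through “admin”, “root” and friends is reported together with the moment a block would have fired.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines in an assumed syslog-like format (not taken from
# the post or from any real device). 203.0.113.10 hammers several common user
# names, including "admin"; 198.51.100.7 is a staff member who mistypes once.
SAMPLE_LOG = """\
2018-04-17T09:00:01 auth: login failed user=admin src=203.0.113.10
2018-04-17T09:00:03 auth: login failed user=root src=203.0.113.10
2018-04-17T09:00:05 auth: login failed user=admin src=203.0.113.10
2018-04-17T09:00:08 auth: login failed user=user src=203.0.113.10
2018-04-17T09:00:12 auth: login failed user=admin src=203.0.113.10
2018-04-17T09:00:15 auth: login failed user=guest src=203.0.113.10
2018-04-17T09:05:00 auth: login failed user=jsmith src=198.51.100.7
2018-04-17T09:05:20 auth: login ok user=jsmith src=198.51.100.7
2018-04-17T09:06:00 kernel: link up on eth0
2018-04-17T09:30:00 auth: login failed user=admin src=203.0.113.10
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth: login (?P<result>failed|ok) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse_line(line):
    """Return a dict for an auth event, or None for lines we do not care about."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    return ev


def find_brute_force(log_text, max_failures=5, window=timedelta(minutes=10)):
    """Flag each source that reaches max_failures failed logins inside a
    sliding time window. Returns {src: {"block_at", "failures", "users"}}.
    "block_at" is the timestamp at which a lockout rule would have fired."""
    failures = defaultdict(list)
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev and ev["result"] == "failed":
            failures[ev["src"]].append(ev)

    alerts = {}
    for src, evs in failures.items():
        evs.sort(key=lambda e: e["ts"])
        for i in range(max_failures - 1, len(evs)):
            # Compare the i-th failure with the one (max_failures - 1) events
            # earlier: if they fall inside the window, the threshold is hit.
            if evs[i]["ts"] - evs[i - max_failures + 1]["ts"] <= window:
                alerts[src] = {
                    "block_at": evs[i]["ts"],
                    "failures": len(evs),
                    "users": sorted({e["user"] for e in evs}),
                }
                break
    return alerts


if __name__ == "__main__":
    for src, info in find_brute_force(SAMPLE_LOG).items():
        print(f"{src}: block at {info['block_at']}, "
              f"{info['failures']} failures, users tried {info['users']}")
```

Run on the sample, the script reports only 203.0.113.10, with the block point at the fifth failure (09:00:12) and the list of user names it tried. The threshold and window are parameters on purpose: a router or firewall lockout that is too aggressive locks out your own staff, one that is too loose lets a slow bot keep guessing, and a second lockout on the account (rather than only the address) stops attackers who rotate source addresses.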

We’ve listed below a few key steps you can take to deter most cyber attacks. These are pragmatic rules of the road that are not always easy to implement, but they are essential if your corporate governance and business insurance mandates you protect your data assets, including personnel data and customer information.

  • Update Computer & Network Software
    All computers and networking hardware that touch your network should be regularly updated from the manufacturers’ websites. Most of these hardware/software vendors either offer auto-update options, or you can manually download and install these updates as well. Many of these downloads relate to BIOS updates and security “patches” that close discovered holes in your computer operating system software or on your router, switch and security firewalls. Make it a habit to have your various systems auto-check and install updates, or create a monthly ritual of doing these manually if you prefer to select which ones have a higher priority for you.
  • Use Strong User Names and Passwords
    User Access Credentials (UACs) should be at least a dozen characters, but better is the use of 24 characters, especially for passwords. This should be a combination of upper and lower case letters, numbers and special characters (#, !, etc.). There are “random password generators” available, such as one available from Norton Security, a Symantec company. Even with high-speed computers and sophisticated “guessing” software or passwords bought on the dark web, the more characters you use, and the more random those characters are, the longer it will take to “hack” your security. Hack times could go from seconds and minutes to months and years of attempts to break in. Important: consider changing your password at least every 90 days on your most sensitive equipment. Hackers then have to start their brute force attempts all over again!
  • Create Unique Passwords for Each Device
    Never use the same passwords on different computers or network devices in your business. Make each instance of a user name and/or password unique. If someone leaves your organization, you can turn off those access credentials very easily to block future access. But, if it’s widely known that many passwords are the same, you may have to change all passwords each time someone leaves your company. This is neither a good practice nor an efficient one.
  • Don’t Store Your Password Crib Sheets Online
    Don’t be tempted to create a spreadsheet with all company-wide access credentials which you then store on your server, NAS drive or somewhere it can be accessed by unauthorized staff or hackers. If you need to have a list for security access management purposes, encrypt the data strongly and save it on a flash drive that you can keep under lock and key. Or, print it out on paper and store it in a folder housed in a secure filing cabinet that requires a key, numeric keypad access or biometric scanning. These are the keys to your kingdom. Protect them and you will help minimize the security risks in your business.
  • Backup Often
    All online data should be backed up often. Whether on individual computers hanging off your network, or stored on network-attached storage drives (NAS), backups are an essential part of your security regimen. There are numerous options to do this using large system drives that can be removed and stored off-site, or securely on-site if you deem that safe enough. Alternatively, you can use cloud-based backup options such as iCloud, OneDrive, Microsoft Azure or Amazon AWS. If your systems are hacked, or shut down by ransomware, you’ll be happy you took this step to mirror the data, keep it safe and make it available if you need to restore system integrity from these backups.
  • Watch Out for ‘Phishing’ Emails
    No matter how secure you make your network, including the use of 24-character passwords and updated software, clicking on a single link in a spam email that LOOKS like it really came from your bank, credit card company or a friend can undo your efforts as quickly as the clicked link connects you to a server in Ukraine or “the Stans” that immediately begins downloading malware and backdoors onto your computer. Built-in crawlers then roam your network looking to infect, block or hack other systems. Educate your team to delete and block those emails immediately. The cost to correct a single “click” mistake is extremely high…catastrophic may be a better description.
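The password advice in the list above (a dozen characters at minimum, better 24, mixing upper, lower, numbers and specials, and brute-force time climbing from seconds to years with length and randomness) can be put into numbers. The following is an added example written for this page, not code from the original post or from Norton’s generator: it measures the alphabet and search-space size of a password, converts that into an expected cracking time at an assumed guess rate, checks a password against the post’s minimum rule, and generates a compliant random password with Python’s `secrets` module. The guess rate of ten billion per second and the sample passwords (the post’s “12345” plus a constructed 12-character mix) are assumptions of this example; the generator is a hypothetical one, written here for the illustration.

```python
import math
import secrets
import string

# Character classes the post recommends mixing: upper, lower, numbers, specials.
CLASSES = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "digit": string.digits,
    "special": string.punctuation,
}

# Assumed attacker speed for the illustration: 10 billion guesses per second,
# in the range of offline cracking of a fast hash on GPU hardware. This figure
# is an assumption of this example, not a number from the post. Online guessing
# against a router that locks out after a few failures is many orders slower.
GUESSES_PER_SECOND = 1e10

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def charset_size(password):
    """Size of the alphabet a brute-force attacker must cover: the sum of the
    sizes of every character class that appears in the password."""
    return sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in password))


def search_space_bits(password):
    """log2 of the number of candidates of this length over that alphabet."""
    n = charset_size(password)
    return len(password) * math.log2(n) if n else 0.0


def expected_crack_seconds(password, rate=GUESSES_PER_SECOND):
    """On average the attacker finds the password halfway through the space."""
    return 2 ** search_space_bits(password) / 2 / rate


def policy_violations(password, min_len=12):
    """Return the ways a password falls short of the post's minimum advice."""
    problems = []
    if len(password) < min_len:
        problems.append(f"shorter than {min_len} characters")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in password):
            problems.append(f"no {name} character")
    return problems


def generate_password(length=24):
    """Random password drawn with the secrets module, guaranteed to contain at
    least one character from every class (hypothetical generator for this example)."""
    if length < len(CLASSES):
        raise ValueError("length must allow one character per class")
    alphabet = "".join(CLASSES.values())
    chars = [secrets.choice(c) for c in CLASSES.values()]
    chars += [secrets.choice(alphabet) for _ in range(length - len(chars))]
    # Fisher-Yates shuffle with secrets, so the guaranteed characters do not
    # always sit at the front.
    for i in range(len(chars) - 1, 0, -1):
        j = secrets.randbelow(i + 1)
        chars[i], chars[j] = chars[j], chars[i]
    return "".join(chars)


def describe(password):
    """One-line summary of alphabet, bits, expected crack time and policy gaps."""
    secs = expected_crack_seconds(password)
    years = secs / SECONDS_PER_YEAR
    when = f"{secs:.3g} s" if years < 1 else f"{years:.3g} years"
    return (f"{password!r}: alphabet {charset_size(password)}, "
            f"{search_space_bits(password):.1f} bits, ~{when} at "
            f"{GUESSES_PER_SECOND:.0e} guesses/s; violations: "
            f"{policy_violations(password) or 'none'}")


if __name__ == "__main__":
    # Constructed sample passwords: the post's "12345", a 12-character mix,
    # and a freshly generated 24-character one.
    for pw in ["12345", "Tr0ub4dor&3!", generate_password(24)]:
        print(describe(pw))
```

At the assumed rate, “12345” (alphabet of 10, under 17 bits) falls in a fraction of a second, the 12-character mix (alphabet of 94, about 79 bits) takes on the order of a thousand years, and a generated 24-character password (about 157 bits) is out of reach by any measure. Two caveats the numbers make visible: a 24-character password of only lowercase letters still beats a 12-character mix, so length matters more than symbol variety, and the model assumes a truly random password; a dictionary word with substitutions is found by wordlist attacks far faster than its alphabet size suggests.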

Taking these steps will minimize the ability of state-sponsored hackers to penetrate your business infrastructure. However, fair warning: even the most disciplined security efforts are not guaranteed to be a fool-proof prophylactic. Pre-existing backdoors in any of your systems, or malware lying dormant on a network server, can easily compromise your systems through a wake-up command.

But, don’t let that prevent you from working hard to firewall your business from outside hackers. Many hackers go after the easy prey first, and that’s because they can glean vast amounts of data from leaky networks to satisfy their spymasters.

Worst case? Make them work hard to penetrate your computer and network security. You’ll be glad you did. Stay safe!