From Russia With Very Little Love
In October 2017, I wrote an extensive post about the KRACK cybersecurity threat against home and business Wi-Fi routers. It appears this particular threat has run its course, although vulnerable routers still exist all around the world. If your IT team updated your business routers, or if you did so on your home network, congratulations. You care a lot about the security of your business and personal data, and you’ve helped prevent your own networking devices from becoming proxies in a worldwide network of bad actors who want to disrupt your business, undermine the economic security of our country and find holes in the inter-connected world in which we live.
However, the threat has not ended completely. In fact, it has morphed into an even more severe threat with a single source of attack: Russia. A lot has been written in the press and spoken by pundits over the last few months about an escalation in words, sanctions and threats of reprisals between the United States and Russia. Most of us just assume these are inter-governmental disputes that will somehow get worked out by diplomats. And, hopefully, that is the case.
In the meantime, the Russian bear is not in hibernation. According to a joint announcement by the US Department of Homeland Security, the FBI and the U.K.’s National Cyber Security Centre, Russia is the source of an elevated level of recent attacks against routers, network switches and security firewalls. The pattern of these attacks suggests Russian state-sanctioned actors are laying the groundwork for what could evolve into a coordinated penetration of corporate enterprises, as well as attempts against vital infrastructure targets and small business enterprises.
The Russian campaign ‘threatens our respective safety, security and economic well-being,’ according to these three agencies.
If you can imagine a beehive with a central queen serviced by thousands of worker bees that fly out of the nest each day to serve and protect the hive, you can then easily picture Russian hackers who send out thousands, hundreds of thousands or millions of bots each day looking for vulnerabilities in the equipment hanging off your IP address at your business or your home. These pre-programmed bots use either brute force attacks against the router, switch and firewall hardware/software you may have on your network, or more complex attacks using phishing emails with innocent-looking links that download malware onto your network or create backdoors to your systems, enabling the bad actors to lie in wait for a signal from the central “bee” to hack, download or destroy data on computers and storage drives attached to your network.
In short, you are not without defensive measures you can deploy in your company. All it takes is for you and your team to get serious about these threats, whether they are vectored from Russia or a nearby high school’s computer lab. Inoculation starts with some relatively simple rules of the road which need to be followed by everyone in your organization.
If you have full-time information technology assistance handled by someone with a good grasp of cybersecurity tools, or even part-time support from a third-party company, you are taking the first steps in strengthening your company’s resistance to attacks. Most importantly, everyone who has computer access to your network, either wired or wireless, needs to be educated on the threats and they should follow a company policy that is shared with everyone in your company.
Hackers look for the weak links in your network, and those are often “guessable” passwords that you KNOW are not safe, but which you use anyway because “I won’t forget them.” Well, you may not forget them, but you will regret what happens if a hacker easily guesses your password. Passwords are ranked based on the ease with which they can be cracked through brute force attacks. Let’s say your username is “admin” and you use “12345” as your password. Don’t laugh…it happens every day. Through previous hacks, bad actors share long lists of user credentials on the dark web and then program bots to seek out networking equipment and keep guessing user access credentials (UACs) until they are blocked by security software, if that software is set to block IP addresses after too many failed attempts.
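The “block after too many failed attempts” behaviour described above, as an added example that is not part of the original post: a small Python check that counts failed logins per source address within a sliding time window over constructed sample log lines. The log format, the threshold of five failures and the 60-second window are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines (not from any real device); the format is an assumption.
SAMPLE_LOG = """\
2018-04-20T10:00:01 auth: user=admin src=203.0.113.7 result=FAIL
2018-04-20T10:00:02 auth: user=admin src=203.0.113.7 result=FAIL
2018-04-20T10:00:03 auth: user=admin src=203.0.113.7 result=FAIL
2018-04-20T10:00:04 auth: user=root src=203.0.113.7 result=FAIL
2018-04-20T10:00:05 auth: user=admin src=203.0.113.7 result=FAIL
2018-04-20T10:00:06 auth: user=admin src=203.0.113.7 result=FAIL
2018-04-20T10:00:10 auth: user=jsmith src=198.51.100.4 result=FAIL
2018-04-20T10:00:40 auth: user=jsmith src=198.51.100.4 result=OK
2018-04-20T10:15:00 auth: user=admin src=203.0.113.7 result=FAIL
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth: user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>\S+)$"
)


def find_lockouts(log_text, max_failures=5, window=timedelta(seconds=60)):
    """Return {src: timestamp} for each source address whose failed logins
    reach max_failures inside the sliding window; a successful login resets
    that source's counter. The timestamp is the attempt that triggered the block."""
    recent = defaultdict(deque)  # src -> timestamps of recent failures
    blocked = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that are not auth records
        ts = datetime.fromisoformat(m["ts"])
        src = m["src"]
        if m["result"] != "FAIL":
            recent[src].clear()  # a real login clears the failure history
            continue
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()  # drop failures that fell out of the window
        if len(q) >= max_failures and src not in blocked:
            blocked[src] = ts.isoformat()
    return blocked


if __name__ == "__main__":
    for src, when in find_lockouts(SAMPLE_LOG).items():
        print(f"block {src} (threshold reached at {when})")
```

Only 203.0.113.7 crosses the threshold; the single failure from 198.51.100.4 followed by a successful login never does.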
We’ve listed below a few key steps you can take to deter most cyber attacks. These are pragmatic rules of the road that are not always easy to implement, but they are essential if your corporate governance and business insurance mandates you protect your data assets, including personnel data and customer information.
Taking these steps will minimize the ability of state-sponsored hackers to penetrate your business infrastructure. However, fair warning: even the most disciplined security efforts are not guaranteed to be a fool-proof prophylactic. Pre-existing backdoors in any of your systems, or malware lying dormant on a network server, can easily compromise your systems through a wake-up command.
But, don’t let that prevent you from working hard to firewall your business from outside hackers. Many hackers go after the easy prey first, and that’s because they can glean vast amounts of data from leaky networks to satisfy their spymasters.
Worst case? Make them work hard to penetrate your computer and network security. You’ll be glad you did. Stay safe!