Promo2day
US, UK warn of Russian hackers targeting millions of routers - Printable Version

+- Promo2day (https://www.promo2day.com)
+-- Forum: Security Center (https://www.promo2day.com/forumdisplay.php?fid=138)
+--- Forum: Security News (https://www.promo2day.com/forumdisplay.php?fid=52)
+--- Thread: US, UK warn of Russian hackers targeting millions of routers (/showthread.php?tid=23524)



US, UK warn of Russian hackers targeting millions of routers - tarekma7 - 04-16-2018

[Image: kRZpPi8.png]



Quote:Russian spies are looking for vulnerabilities in routers for future attacks. Officials are urging people, and device makers, to take security measures.

Russian hackers are targeting millions of routers around the world, including devices in homes and offices, according to US and UK officials.

In a joint announcement Monday from the US Department of Homeland Security, the FBI and the UK's National Cyber Security Center, officials warned that Russian spies have been looking for vulnerabilities on millions of routers as a tool for future attacks. 

The targets include routers in homes and offices, as well as firewalls and switches from internet service providers, critical infrastructure and major private companies, said National Security Council cybersecurity coordinator Rob Joyce. 

"We have high confidence Russia has carried out a coordinated campaign to gain access to enterprise, small office/home office routers known as SOHO routers, and residential routers, and the switches and connectors worldwide," Joyce said in a conference call.

In a detailed technical alert published after the call, the joint warning said that Russian hackers took advantage of outdated devices, as well as routers with weak defenses. That included routers with default passwords, as well as devices no longer supported by security patches.

The DHS said it's seen Russian activity with scans for vulnerabilities on routers over the past two years, but it's hard to assess how many have been affected. 

"The purpose of these attacks could be espionage, it could be theft of intellectual property, it could be prepositioning for use in times of tension," NCSC Director Ciaran Martin said.

State-sponsored cyberattacks are a national security concern, as hackers look to use vulnerabilities to affect elections, power grids and businesses. The US has taken actions in the last year against alleged hackers from Iran, Russia and North Korea. 

"The attribution of this malicious activity sends a clear message to Russia -- we know what you are doing and you will not succeed," said a spokesperson for the UK government.

In router attacks, consumers can protect themselves by keeping the devices updated. But the responsibility also falls on device makers to issue necessary fixes.

"Once you own the router, you own the traffic," Jeanette Manfra, DHS' top cybersecurity official, said on the conference call.

Compromising a router would allow attackers to steal credentials, as well as use it for future attacks, Joyce added.

"It is a tremendous weapon in the hands of an adversary," the FBI cyber division's deputy assistant director Howard Marshall said. 

The Russian attackers would scan across the internet for routers with vulnerabilities, according to the technical alert. These scans would give an attacker information on the make and model of open routers, allowing them to identify which ones are vulnerable to future attacks.

From there, an attacker has several ways to break into the router. They could use a brute-force attack, where they would spam it with different usernames and passwords until it unlocked. Most of the time, however, hackers are able to get in thanks to default passwords that were never changed.

READ THE FULL ARTICLE You are not allowed to view links. Register or Login to view.