US & UK: Russia Is Attacking Network Infrastructure Devices

The U.S. and UK released a joint statement accusing Russia of sponsoring groups attacking routers, switches, firewalls, and Network-based Intrusion Detection Systems (NIDS) devices in a campaign that "threatens the safety, security, and economic well-being of the United States."

The statement was issued by the U.S. Computer Emergency Readiness Team (CERT) and based on intel from the FBI, Department of Homeland Security (DHS), and the UK's National Cyber Security Centre (NCSC). In the statement, CERT urged readers to "act on past alerts and advisories issued by the U.S. and U.K. Governments, allied governments, network device manufacturers, and private-sector security organizations."

The U.S. is said to have received information about these attacks starting in 2015. Attackers don't seem to be using zero-day vulnerabilities to compromise their targets. Instead, they prey on devices that weren't properly set up, are no longer supported by their manufacturers, or rely on unencrypted protocols. Russia isn't discovering new vulnerabilities; it's merely exploiting carelessness and obsolescence.

According to CERT, the attackers use these weaknesses to:

identify vulnerable devices;extract device configurations;map internal network architectures;harvest login credentials;masquerade as privileged users;modifydevice firmware,operating systems,configurations; andcopy or redirect victim traffic through Russian cyber-actor-controlled infrastructure.

The end result: "[...] both intermittent and persistent access to both intellectual property and U.S. critical infrastructure that supports the health and safety of the U.S. population." Russia could use this access for its own financial gain--or simply to conduct more devastating attacks on the U.S. As long as the attackers have access to these networks, the U.S. will remain vulnerable to attacks that will arrive with little to no warning.

There's No Easy Fix

Unfortunately, recognizing a problem doesn't automatically solve it. CERT said in its statement that many different groups have to come together to help defend against these attacks. That includes manufacturers, security vendors, ISPs, and network owners and operators, among others. Getting all of those organizations to agree on a course of action, let alone spring into action, will probably be a Herculean task.

The reality is that none of these organizations use outdated and insecure technology out of a sense of nostalgia. They're driven primarily by economic factors--replacing network systems is expensive, for example--and the feasibility of integrating new technology into their systems. Unless they coordinate their efforts, each group's efforts to respond to CERT's warning will address only one part of a much larger problem.

Nathaniel Mott
Freelance News & Features Writer

Nathaniel Mott is a freelance news and features writer for Tom's Hardware US, covering breaking news, security, and the silliest aspects of the tech industry.

  • mapesdhs
    Here comes the MSM fake news once again, pushing the Russia narrative. Sad that toms is buying into it. Because of course our western agencies never do anything dodgy in the other direction. :D (ref wikileaks last year)
  • USAFRet
    20893963 said:
    Here comes the MSM fake news once again, pushing the Russia narrative. Sad that toms is buying into it. Because of course our western agencies never do anything dodgy in the other direction. :D (ref wikileaks last year)

    Just because the West may be doing it, does not mean the Russians aren't also doing it.
  • glitchyrichy
    How does repeating a statement from the US GOV Computer emergency readiness team fake news? They are literally repeating the information from the government.
  • stdragon
    You don't need Russia as an excuse to be patching servers and firmware. If it's not already being done, this FUD isn't going to expedite the need anyways.

  • Zaporro
    Murica at it again, pointing fingers everywhere but not at themselves, and UK should deal with its own immigration problems before jumping on Russia.
  • Ninjawithagun
    Glitch, your are right - this time is for real. But Mapesdhs is right regarding previous fake news reports. Regardless, this is just the way things are to be from this point on. Technology has a price to be paid whenever it is used.
  • therickmu25
    Hasn't China and other nations been using the same tactics for the last 20 years? Weird that we never see articles written about those nations. Almost as if MSM wants to keep propping Russia up as this giant singular threat and blame them for anything that goes array.
    The same Russia who portrayed as a poor, blabbering, toothless, harmless country during Obama's 8 years.
  • Dark Lord of Tech
    All governments participate in this type of scenario.