Russian Cyber Threat

988

Days after the missile strike on Syria, GCHQ and the FBI have warned of a potential retaliation by Russia– in the form of a cyber attack. The NCSC is on high alert and concern is growing among executives who fear severe disruption of critical infrastructure. IT security experts commented below.

Bill Conner, CEO at SonicWall:

“Cyber attacks like WannaCry and Not-Petya demonstrate governments can and will, use nefarious means to target critical national infrastructure of nation states. There is no doubt that Russia has the ability and the motive to deploy this kind of attack on the West. Many other nation states have this ability too. That said, it is not just national infrastructure at risk. For many state-sponsored hackers, business and governmental department disruption is top of the agenda, much like the NHS attack.”

“As the cyber-arms race continues to escalate, there is increasing pressure on the US and UK governments to truly understand the nature of malware cocktails – the process of mixing threats to concoct brand new, destructive attacks. The risks to businesses and even everyday citizen’s data grow each day. Governments and businesses need to deploy a layered security approach utilizing next generation firewalls, deep packet inspection for encrypted communication, cloud-based multi-engine cloud sandboxing, advanced real-time deep memory inspection, and next generation end-point security with rollback capability.”

Matt Walmsley, EMEA Director at Vectra:

“With stories reporting routers in the USA and UK being compromised by foreign nation states, and a recent increase in security preparation for possible large scale cyber-attacks, enterprises should take another look at how they’re securing their network infrastructure.

Don’t leave the door wide open – No software is perfect so make sure you’re up-to-date with software updates and patches for your network infrastructure. Then make sure you’re not exposing your equipment’s management interfaces and ensure you have changed the default admin credentials. For perimeter devices with internet connectivity this is doubly important.  This may seem like “cybersecurity 101” advice but, only last month, default settings in some Cisco switches allowed over 168,000 devices exposed to the internet to be identified as vulnerable to illicit remote command execution via an admin protocol.

Your firmware may not be that firm – Advance attackers will seek to compromise the underlying firmware of their target platform. Even if you have robust OS level security controls, threats such as Sub-OS rootkits will remain undetected. However, with recent advances in AI-based behaviour threat detection we can now spot in real-time the very subtle signals attackers use to perform command & control (C2) orchestration to devices that have compromised firmware by looking for the attacker’s “knocking” signals hidden within legitimate communications.  With that actionable insight, platforms can be completely reset and their firmware, OS images, and configs reloaded from known good sources.”