Russian hackers are accused of penetrating up to 400 Australian businesses in 2017 as part of an alleged state-sponsored cyber-espionage campaign, targeting millions of computers across the world.
The Australian government made the announcement in light of an extraordinary joint statement from the US and UK governments pointing a stern finger at Russia for sponsoring cyber-attacks on government, private organisations, critical infrastructure providers and internet service providers.
The Australian government has indicated that the attacks targeted network infrastructure devices such as routers, switches and firewalls, including Cisco networking gear. The attackers allegedly sought to gain access to intellectual property and device admin credentials, to support espionage activities and maintain access to victim networks. Fortunately, there is no indication that any information belonging to Australian victims has been compromised.
Commercially available routers can be a point of entry for hackers to access every connected device in an organisation’s system. The US/UK governments’ joint Technical Alert identified weak points in software that are vulnerable to attack, and advised on how to mitigate security threats.
Important general mitigation strategies your organisation should apply include:
- don’t allow unencrypted management protocols to enter your organisation from the Internet;
- don’t allow Internet access to the management interface of network devices;
- disable unencrypted legacy or weak protocols; and
- enforce a strong password policy.
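As an added illustration (not part of the original article or the Technical Alert), the following Python sketch checks a saved Cisco IOS-style configuration against the first three items above and flags one weak credential-storage setting. The sample configuration, hostname and function name are constructed for this example; the rules cover only a handful of common commands and are not a complete audit.

```python
import re

# Constructed sample: an IOS-style config fragment, not taken from a real device.
SAMPLE_CONFIG = """\
hostname edge-rtr-01
enable password changeme
ip http server
snmp-server community public RO
line vty 0 4
 transport input telnet ssh
 login local
line vty 5 15
 access-class 10 in
 transport input ssh
"""

# Global commands that expose unencrypted management or weak credential storage.
GLOBAL_RULES = [
    (re.compile(r"^ip http server\b"), "unencrypted HTTP management enabled"),
    (re.compile(r"^snmp-server community\b"), "SNMP v1/v2c community string (sent unencrypted)"),
    (re.compile(r"^enable password\b"), "enable password used instead of enable secret"),
]

def audit(config):
    """Return a list of (scope, finding) tuples for one configuration text."""
    findings, vty, has_acl = [], None, False

    def close_vty():
        # A vty block with no inbound access-class accepts logins from any source.
        if vty and not has_acl:
            findings.append((vty, "no access-class restricting management sources"))

    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw[0].isspace():  # a top-level command ends any open vty block
            close_vty()
            vty, has_acl = (line, False) if line.startswith("line vty") else (None, False)
            for pattern, message in GLOBAL_RULES:
                if pattern.search(line):
                    findings.append(("global", message))
        elif vty:
            if re.match(r"access-class \S+ in\b", line):
                has_acl = True
            m = re.match(r"transport input (.+)", line)
            if m and {"telnet", "all"} & set(m.group(1).split()):
                findings.append((vty, "Telnet permitted on remote login lines"))
    close_vty()
    return findings
```

Calling `audit(SAMPLE_CONFIG)` returns five findings for the constructed sample: three global ones and two for `line vty 0 4`, while the ACL-restricted, SSH-only `line vty 5 15` block passes.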
Cyber Security Minister Angus Taylor said this threat is a reminder that “Australian businesses and individuals are constantly targeted by malicious state and non-state actors, and we must maintain rigorous cyber security practices”.