Nation States & Cyber Conflict

02 May 2018

While it may be only a matter of time until the world witnesses its first fully-fledged cyber conflict between nation states, ultimately it is never too late to start digging your own digital trenches.

US and UK security agencies recently took the unprecedented step of releasing a joint statement warning the Public and Private sectors of ongoing Russian backed cyber-attacks. Information suggests that malicious Russian actors have been exploiting network devices, such as routers, from as far back as 2015.

The believed objective of this exploitation is the control and manipulation of data as well as the deployment of malicious software onto devices for later activation.

While the key targets of this campaign will be government agencies and critical national infrastructure, this does not mean home networks or businesses are safe.  The indiscriminate nature of this cyber attack means anyone could become a victim.

 Once a malicious actor has control of a router, they have access to all the data flowing through it. This provides them not only the ability to snoop on confidential information, but also to redirect and manipulate the data being sent and received. This can easily lead to other devices such as mobile phones and laptops being compromised.

Assuming you don’t want your devices being used as potential foot-soldiers in a future nation state cyber conflict, there are two relatively simple steps you and your business can take to increase your defences.

Router Updates

Ensuring your router is up to date is critical when it comes to protecting its security. If, like many, you are using the router provided by your Internet service provider, security updates should be automatically distributed to your device. However it never hurts to double check. For others, details on how to access your router can typically be easily found through a simple ‘Google’.

Change Default Router Passwords

Your router will have come with default access passwords. While these may seem secure, many are universal across devices or relate to obtainable information such as device serial numbers. Even if a password looks to be secure, you should change it to a new, unique, hard to guess password. It doesn’t need to be hard to remember, but try to use a combination of numbers and letters and don’t make it anything obvious (like your kids names).

For businesses and the more technical minded, I also recommend reading this bulletin provided by the US security services, as well as this from the UK’s Government Communications Headquarters (GCHQ), for additional mitigation methods.

As my colleague Johannes Stillig points out in his 2016 article on cyber-criminals, while budget and skillset are no issue for a nation state sponsored cyber attack, there are still additional steps you can take to make yourself less of a target. Like any home, a burglar is more likely to target the house with the least levels of security.

Receive our monthly newsletter

About the Author

Matthew Hunn

Senior Analyst, Cyber

With extensive experience in conducting digital investigations for a variety of law enforcement agencies and corporate entities, Matthew assists clients by piecing together the evidence left behind after a cyber-attack.

646 934 6219