"Russia is our most capable hostile adversary in cyberspace so tackling them is a major priority for the NCSC and our US allies."
The government department set up to improve the UK’s online security has issued a stern warning to all companies, including transport, over the threat posed by Russian state-sponsored cyber attackers. The National Cyber Security Centre (NCSC), the cyber protection arm of the Government Communications Headquarters (GCHQ), believes that Russian hackers are stepping up their campaign to cause widespread disruption with targeted hacks by exploiting weaknesses in computer systems and equipment.
Singling out “private-sector organisations, critical infrastructure providers, and the internet service providers supporting these sectors”, the NCSC said that compromised routers were effectively being used by the Russian government to conduct attacks that support espionage and extract intellectual property.
“Russia is our most capable hostile adversary in cyberspace so tackling them is a major priority for the NCSC and our US allies,” said Ciaran Martin, the centre’s CEO, who added that the advice from the UK and US on how to manage the risk was the first of its kind. “It marks an important step in our fight back against state-sponsored aggression in cyberspace,” he said.
The latest NCSC warning was released in conjunction with a report that provides more information on the worldwide cyber exploitation of network infrastructure devices – such as routers, switches, and firewalls – by Russian state-sponsored cyber actors. In the report, which draws on data from known information and advice gained from industry sources, the GCHQ department explained that Russian hackers could bypass the approach taken by ‘traditional’ hackers – who install malware to gain access – by using a more sophisticated method to hijack devices that use unencrypted protocols or are no longer protected by security patches. The document also includes more detailed, technical information that could be applied to stave off attacks.
The NCSC’s official statement will create genuine concern for transport operators, many of whom worry there could be repeats of 2016’s attack on the San Francisco Municipal Transportation Agency (SFMTA) or 2017’s incident at Deutsche Bahn, which seriously disrupted and even shut down their computer systems. Also last year, Transport Security World reported that Sacramento Regional Transit (SacRT)’s computer systems were closed for one day after the US operator was targeted by one or more hackers demanding a ransom.
Where the predicted Russian hacks could differ from those examples, however, is in the resources and demands. With Deutsche Bahn, SFMTA and SacRT there was the feeling in some circles that it was a small-scale operation – in Sacramento the attacker demanded just £8,000 – but the much-publicised anger from Russia over its perceived unfair treatment by the international community in recent months could produce a much more fierce and focused attack on companies and transport operators around the world.
In related news, German authorities last month released details of hacks that took place in 2014 that they believe were orchestrated by a Russian cyber-criminal network called Snake. As reported in Spiegel, the Snake attacks targeted usable information and caused the targeted departments “immense damage”, according to an MP from the German parliamentary control committee, which has influence over the country’s intelligence services.