Yesterday The Department of Homeland Security, The Federal Bureau of Investigation and the UK’s National Cyber Security Center issued a Joint Technical Alert detailing Russian Government sponsored malicious cyber activity. In the wake of the US and UK intervention in Syria there has been, according to the Pentagon, a 2000% increase in targeted cyber attacks. By exploiting security gaps in Network Intrusion Detection Systems, in particular routers, firewalls and switches, these attacks are designed to allow full access of a network to a bad actor.
Own the router – Own the traffic.
Known as “man-in-the-middle” attacks, intrusion into NIDS, disrupts or alters the communication between devices. Once the connection between the attacker’s machine and a targeted network device has been established and authenticated, access to a network is now outside the control of the network administrator. The attacker now has both control of the “traffic” on a network, as well as a path deeper into the network itself. Recently, elements of the UK’s power infrastructure were penetrated by a man-in-the-middle attack that began on an end-of-life server in Vietnam. After the infiltration, new user identities were credentialed by the hacker, access across the network established, culminating in data exfiltration. The hacked identity, footprints, and trail of data exfil were then covered up. While no zero day event was executed, the network and its data were fully compromised.
Harden your Defenses.
Identifying if you have been breached, and protecting against further breaches is paramount. The speed at which hackers (be they Nation-States, ransomware attackers or crypto-miners, proliferate and adapt increases exponentially. Historically, (in the relatively short history of the internet) we have adopted reactive defenses: if we could stop it, we did. En-Net Services partners with companies that have taken a pro-active, predictive and positive approach to cyber defense. You can harden your network defenses with tools that do not rely upon known or revealed malicious viruses. You can identify and stop bad actors at the end-point. You can map, verify, inventory and control all machine-to-machine connections to protect against man-in-middle attacks. En-Net can help you.
We’d like to tell you 100%, fool-proof, guaranteed security is possible, but it doesn’t exist. . . . yet! As AI and machine learning are refined and purposed for cyber protection, the day may come when malicious cyber activity is rendered impotent. Until then, our best defense is vigilance, training and policies, and deployment of cutting edge, best-in-class technology. En-Net Services, in our 22nd year as an IT provider, can help you identify and deploy that technology.
Please contact En-Net to speak to one of our Account Managers about strengthening your network security.