The Australian Signals Directorate (ASD) has issued a joint warning alongside nearly two dozen partner agencies about Russian-linked hackers targeting critical Australian industries.
The ASD has highlighted poorly secured network devices as easy targets for hackers linked to Russia's Federal Security Service (FSB).
It says cyber actors operating on behalf of the FSB are targeting critical infrastructure across the globe, including sectors such as financial services, healthcare, defence and communications.
It identified state and local government agencies as particularly vulnerable.
The hackers target poorly protected routers and use simple tools, like guessing default passwords, to gain access and steal information such as login details.
The ASD warning has been issued alongside the United States National Security Agency (NSA) and similar agencies in countries including the UK, New Zealand, Canada, Finland, France and Denmark, among others.
It points to a range of hacking groups it says are frequently responsible, like Berserk Bear, Energetic Bear, Crouching Yeti, Dragonfly, Ghost Blizzard and Static Tundra.
And it suggests some simple steps that can be taken, such as basic network updates, securing network devices and improving passwords.
Alastair MacGibbon, a former head of the Australian Cyber Security Centre, said similar notices have been issued over a number of years.
"There's a unit of one of Russia's intelligence agencies that spent more than a decade essentially breaking into routers and switches that direct traffic inside organisations," he told ABC.
"It's not sophisticated, but it works really well. It's the equivalent of walking around the internet and rattling the doors of organisations to see if they've been essentially left in a factory setting.
"And that eventually allows that intelligence agency to gain access to an organisation."
Five Eyes countries (Australia, the UK, the US, New Zealand and Canada) issued a joint warning last month about the cyber risk posed by artificial intelligence, urging industry and government agencies to pull systems offline that do not need to be online.
Mr MacGibbon said that advice applies in this situation too.
"These are essentially routers, many of which should be sitting behind firewalls; they should never really be accessible to the internet," he said.
"Remembering that a lot of organisations don't really think about security at all, or they don't realise that they have these routers exposed to the internet.
"What it means is that, essentially, in a really high-scale way, the Russians are just walking around the internet looking for an exposed vulnerability to this old protocol, which should never be exposed in a modern world to the internet."
View original source — ABC News ↗


