Archive

Go to:

August 2018
SMTWTFS
1234
567891011
12131415161718
19202122232425
262728293031
< Jul Sep >
Leaguer Email Subscription

You are not currently subscribed. Click Subscribe below to receive the Leaguer email.

DHS, FBI Issue Alert Regarding Russian State-Sponsored Cyber Actors
Wednesday, April 18, 2018 6:45 AM

The Department of Homeland Security, the Federal Bureau of Investigation, and the United Kingdom’s National Cyber Security Centre (NCSC) has released an alert regarding Russian state-sponsored cyber actors that are targeting network infrastructure devices in America.

The current state of U.S. network devices—coupled with a Russian government campaign to exploit these devices—threatens the safety, security, and economic well-being of the United States. The purpose of this alert is to inform network device vendors, ISPs, public-sector organizations, private-sector corporations, and small office home office (SOHO) customers about the Russian government campaign, provide information to identify malicious activity, and reduce exposure to this activity.

Since 2015, the U.S. Government has received information from multiple sources—including private and public sector cybersecurity research organizations and allies—that cyber actors are exploiting large numbers of enterprise-class and SOHO residential routers and switches worldwide. The U.S. Government assesses that cyber actors supported by the Russian government carried out this worldwide campaign.

Network devices are often easy targets. Once installed, many network devices are not maintained at the same security level as other general-purpose desktops and servers. The following factors can also contribute to the vulnerability of network devices:

  • Few network devices—especially SOHO and residential-class routers—run antivirus, integrity-maintenance, and other security tools that help protect general purpose hosts.
  • Manufacturers build and distribute these network devices with exploitable services, which are enabled for ease of installation, operation, and maintenance.
  • Owners and operators of network devices do not change vendor default settings, harden them for operations, or perform regular patching.
  • ISPs do not replace equipment on a customer’s property when that equipment is no longer supported by the manufacturer or vendor.
  • Owners and operators often overlook network devices when they investigate, examine for intruders, and restore general-purpose hosts after cyber intrusions.

Learn more about this threat.

_____________________________________­­_______________­­__
  
Assess Your Systems and Manage Your Risk

As technology changes, every credit union faces new security issues. Let Credit Union Resources help you stay on top of it—your future could depend on it. Our team of technology professionals provides guidance on compliance, shares best practices, and performs audits. We have a vested interest in your success, and your cybersecurity matters to us. To find out how we can help you manage cybersecurity and operational risks, contact:

Idrees Rafiq
469-385-6799
800-442-5762, ext. 6799
irafiq@curesources.coop

Deanna Brown
469-385-6464
800-442-5762, ext. 6464
dbrown@curesources.coop

About Credit Union Resources Inc.
Credit Union Resources is a service corporation that provides industry-leading solutions and expertise to credit unions across the country. Credit Union Resources is a wholly owned subsidiary of the Cornerstone Credit Union League, a regional trade association representing the interests of credit unions in Arkansas, Oklahoma, and Texas.