RUSSIA & YOUR ROUTER
Staging its military forces on the border with Ukraine is Russia’s physical illustration of dominance. While a physical invasion is terrifying, so is waking up in freezing temperatures without power, hot water, and the ability to access cash.
Last week, Ukraine accused Russia of conducting distributed denial of service (referred to as DDoS) cyber-attacks against two banks and the Ukraine Defense Ministry. Both the U.S. and the United Kingdom agreed the attacks originated from Russia. Although each of the targeted victims recovered system control within several hours, these attacks follow the defacement of Ukrainian websites in January 2022, adding to public panic as Russia publicly and virtually flexes its muscles.
With the U.S. vocalizing its disapproval of Russia’s tactics, the Cybersecurity and Infrastructure Security Agency is frantically trying to connect with public and private entities that significantly contribute to or support critical infrastructure (power, banking, healthcare, transportation, etc.) to discuss avenues by which to prepare computer networks for incoming attacks. Referred to as “Shields Up,” this awareness campaign doubles as a national declaration of risk, complete with “free” resources offered by CISA to increase a network’s resiliency.
In addition to CISA’s offerings, basic precautionary measures can reduce an entity or individual’s attractiveness as a cyber-crime target by focusing on router maintenance. As experienced by Ukraine (and countless others worldwide) DDoS attacks are commonly (and often successfully) used to interrupt continuity of operations for an entity.
Akin to a flood that overflows a drainage system, a DDoS attack consists of the attacker using botnets (little computer robots) to quickly send an excessive amount of information packets to the victim’s router so that the router can no longer control the flow of data within a network. These information packets are analogous to debris-filled burst of water from flash floods that overwhelm the drainage channels causing debris blockages (like tree limbs, leaves, garbage, thick algae), so that the drainage channels stop transporting water altogether.
For routers, the rapid receipt of information packets denies the router the ability to transmit and receive data, which causes internet connectivity to seemingly cease and the devices reliant thereon to freeze. With a computer system unable to operate during a DDoS attack, and almost all protective software somewhat reliant on internet connectivity, attackers can capitalize on the downtime by launching secondary attacks or just enjoy the disruption.
With routers usually ignored, they are the weak point for most networks. However, 5 basic precautionary steps can help prevent network flooding by either preparing a defense (like cleaning gutters) or reducing the attractiveness of the target:
Regularly update the router’s firmware (software) from the manufacturer and reset it. Hewlett Packard provides simple steps on how to update a router.
Hire a professional to configure the firewall used to protect your network.
Use a VPN to disguise the router’s IP address so that attacks against your network are harder to pinpoint.
Maintain a back-up router and IP address (preferably from a separate vendor) in the event of a successful DDoS attack.
Disable any remote access features on the router.
If an entity or individual notices dramatically slower internet speeds, a large influx of spam-like emails, slower computer functions (like printing or connection with web-based applications) that eventually “time out,” or a homepage becomes unavailable, there may be an active DDoS attack. Absent an existing relationship with a security vendor, consider contacting law enforcement (FBI, State Fusion Centers, CISA, or the nearest United States Secret Service Field Office).
Disclaimer: Actively securing a router does not negate the need to consistently check for and install operating system updates, configure user account settings correctly, or implement end point detection software.