A group of top agencies in the United States and United Kingdom on Thursday warned of an ongoing campaign by Russian government-backed hackers using “brute force” hacking techniques to target hundreds of organisations around the world.
The FBI, the National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the U.K.’s National Cyber Security Centre issued a joint advisory outlining the hacking campaign, ongoing since 2019 and carried out by the Russian General Staff Main Intelligence Directorate (GRU).
It shouldn’t surprise anyone that any nation is actively attempting to compromise the credentials of people employed in sensitive or prominent positions, be they in government, industry or the media. Once the account is compromised, there is no easy way to differentiate between the legitimate activities of a user and potentially legitimate, but malicious attempts to access data. This is precisely why security professionals have been recommending MFA solutions for years, and why restricting access rights using techniques like zero-trust networking is so powerful. Access to data and computer systems should be based on a contextually legitimate business need, not on the potential for such a need. For example, there are only very rare situations where someone might need to access all records in a sales database, so if someone is attempting to do so outside of such a situation, then an alarm should sound and the legitimacy of the access confirmed.
This is yet another successful government-led campaign, looking to gain intelligence on sensitive sectors that fall in line with the country’s political goals. Recently ranked as 4th for its cyber capabilities against all other countries across the globe, it seems the country is very much utilising its cyber powers to conduct spying operations on a global scale. Obtaining these passwords generates countless opportunities, giving access to extremely sensitive data unless organisations are able to make prompt password updates to those accounts believed to have been included in this compromise. Reconnaissance tasks like this have been the crucial key to some of the world’s most prominent historic cyber-attacks. This campaign highlights the vital importance of adopting multi-factor authentication across your organisation. The use of two publicly known vulnerabilities, CVE-2020-0688 and CVE-2020-17144, further emphasises the importance of timely patch management. Unfortunately, espionage campaigns from Russia shall not be going away any time soon. This is a country whose government and intelligence services have no shame in their spying efforts and have been attributed to some of the most significant attacks we have seen across the landscape.