China-Backed Hackers Exploiting Routers to Steal Data and Gather Intelligence
- michelle1593
- Dec 22, 2025
- 2 min read

By Dave Carey
If you’ve ever wondered how secure routers are, you won’t be surprised to learn that attackers have long treated them as prime targets. Groups backed by the Chinese government, tracked under names such as Salt Typhoon and GhostEmperor, have made a specialty of compromising large backbone and edge routers to gain long-term access to organizations’ networks.
We’re not really talking about the router next to your couch in the living room, although that could certainly be compromised if someone wanted to get at you badly enough. We’re talking about the routers, firewalls and VPN gateways that sit at the edge of very large institutional and carrier networks, especially equipment from Cisco, Palo Alto Networks and Ivanti.
It makes sense for attackers to target telecommunications infrastructure. Compromising a backbone router gives them a vantage point over traffic at a foundational level: they can observe, redirect or filter the data flowing through it rather than having to break into each destination separately.
Once in, they modify the router’s configuration to keep their foothold. Some of these changes are simple but hard to spot, such as altering access control lists (ACLs) so that the attacker’s own addresses are allowed to reach the device’s management services. Others are more involved, such as setting up tunnels whose encrypted command-and-control (C2) traffic blends in with normal network operations.
From there they can create privileged user accounts on the device and pivot into connected networks, effectively having the run of the place without anyone in the organization being aware of their presence.
This can be stopped, but it takes several disciplined practices:
- Layered security controls: strong perimeter defenses, network segmentation, endpoint protection, intrusion detection systems, data encryption, tight access controls, and continuous monitoring for anomalies, including unexpected changes to router configurations.
- Sharing threat intelligence with industry peers, government agencies and security vendors.
- Ongoing security awareness training for employees, including phishing simulations, the social engineering techniques attackers use, and the basic cyber-hygiene habits that defeat them.
- A strong incident-response plan, ready to execute.
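The configuration changes described above (a new privileged user, a new tunnel interface, a new permit entry in a management ACL) are exactly what the "monitoring for anomalies" item should catch on the router itself. The following Python script is an added example, not code from the original post or its author: it diffs a known-good IOS-style running-config against a freshly pulled one and flags those three changes. Both configs, along with the hostname, addresses, ACL name and usernames in them, are constructed sample input and are assumptions, not real devices.

```python
"""Router configuration drift check (added example, not from the original post).

Compares a known-good IOS-style running-config (BASELINE) with a freshly
pulled one (CURRENT) and flags the persistence tactics described in the post:
new privilege-15 local users, new tunnel interfaces, and new 'permit' entries
in access lists. Both configs are constructed sample input; the hostname,
addresses, ACL name and usernames are assumptions, not real devices.
"""

BASELINE = """\
hostname core-rtr-1
username netops privilege 15 secret 5 $1$abcd$baseline
ip access-list extended MGMT-ACCESS
 permit tcp 10.0.100.0 0.0.0.255 any eq 22
 deny ip any any
interface GigabitEthernet0/0
 ip address 203.0.113.1 255.255.255.0
line vty 0 4
 access-class MGMT-ACCESS in
 transport input ssh
"""

# Constructed "after compromise" config: an extra privileged user, an ACL
# entry admitting an outside host, and a tunnel back to that same host.
CURRENT = """\
hostname core-rtr-1
username netops privilege 15 secret 5 $1$abcd$baseline
username svc_backup privilege 15 secret 5 $1$wxyz$attacker
ip access-list extended MGMT-ACCESS
 permit tcp 10.0.100.0 0.0.0.255 any eq 22
 permit tcp host 198.51.100.77 any eq 22
 deny ip any any
interface GigabitEthernet0/0
 ip address 203.0.113.1 255.255.255.0
interface Tunnel100
 ip address 172.31.255.1 255.255.255.252
 tunnel source GigabitEthernet0/0
 tunnel destination 198.51.100.77
line vty 0 4
 access-class MGMT-ACCESS in
 transport input ssh
"""


def parse_config(text):
    """Parse an IOS-style config into {stanza: set(indented child lines)}.

    Unindented lines open a stanza; indented lines belong to the stanza above.
    A top-level line with no children (a 'username' or 'hostname' line) becomes
    a stanza with an empty set. Ordering inside ACLs is deliberately dropped:
    this check asks "did a line appear or vanish", not "did the order change".
    """
    stanzas = {}
    current = None
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue  # skip blanks and IOS '!' separator/comment lines
        if raw.startswith(" "):
            if current is not None:
                stanzas[current].add(raw.strip())
        else:
            current = raw.strip()
            stanzas.setdefault(current, set())
    return stanzas


def diff_configs(baseline_text, current_text):
    """Return a list of (severity, message) for changes in current vs baseline."""
    base = parse_config(baseline_text)
    cur = parse_config(current_text)
    findings = []

    # Additions: new stanzas first, then new child lines in existing stanzas.
    for stanza, lines in cur.items():
        if stanza not in base:
            if stanza.startswith("username ") and "privilege 15" in stanza:
                findings.append(("HIGH", f"new or changed privilege-15 user: {stanza.split()[1]}"))
            elif stanza.startswith("interface Tunnel"):
                dest = next((l for l in lines if l.startswith("tunnel destination")), "destination unknown")
                findings.append(("HIGH", f"new tunnel interface {stanza.split()[1]} ({dest})"))
            else:
                findings.append(("MEDIUM", f"new stanza: {stanza}"))
            continue
        for line in sorted(lines - base[stanza]):
            if stanza.startswith("ip access-list") and line.startswith("permit"):
                findings.append(("HIGH", f"{stanza}: new permit entry '{line}'"))
            else:
                findings.append(("LOW", f"{stanza}: added '{line}'"))

    # Removals: losing a deny or an access-class line widens access.
    for stanza, lines in base.items():
        if stanza not in cur:
            findings.append(("MEDIUM", f"removed stanza: {stanza}"))
            continue
        for line in sorted(lines - cur[stanza]):
            sev = "HIGH" if line.startswith(("deny", "access-class")) else "LOW"
            findings.append((sev, f"{stanza}: removed '{line}'"))
    return findings


if __name__ == "__main__":
    for severity, message in diff_configs(BASELINE, CURRENT):
        print(f"[{severity}] {message}")
```

Run this on a schedule against configs pulled from each device, and keep the baseline in a version-controlled or signed store off the router, so that an intruder with enable access cannot quietly update the "known good" copy as well. The set-based comparison ignores ACL ordering; a reordered ACL that changes which entry matches first would need a separate ordered diff.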
These Chinese-backed attackers are playing a long game. Their goal is access to as much of our digital landscape as possible so they can surveil our data and our operations. They aren’t going to stop trying, so we need to make their lives as difficult as possible by implementing measures like those described above.
Your router makes things convenient, but it needs to be protected. Take that seriously.
If you would like some help with that, call me at 616.217.3019 or e-mail dacarey@cybersynergies.io.



