Cyber Security Alert: Your Network Device Is a Hacker’s Delight | Zinc [Insurance]
  • Broadview Heights Ohio
  • Wednesday, Aug 21, 2019
  • 78°F
Cyber Security Alert: Your Network Device Is a Hacker’s Delight
Cyber

Cyber Security Alert: Your Network Device Is a Hacker’s Delight

As the Internet of Things continues to grow, so do opportunities for devious hackers. A multi-national warning has been issued regarding our home and business network devices—think modems, WiFi routers, and repeaters. The Department of Homeland Security (DHS) has noted a large-scale attack launched against specific network devices. So together with the Federal Bureau of Investigation (FBI) and the United Kingdom’s National Cyber Security Centre (NCSC), they’ve issued a Technical Alert warning everyone about ongoing cyber exploitation.

“The current state of U.S. network devices—coupled with a...campaign to exploit these devices—threatens the safety, security, and economic well-being of the United States.”

We’d call that statement attention-worthy. In an effort to get out the warning—especially to “network device vendors, ISPs, public-sector organizations, private-sector corporations, and small office home office (SOHO) customers”—the DHS has reached out to public media outlets. And yet while the story may have perked ears and piqued some interest, it’s easily overwhelmed by the daily onslaught. Even the IT sector could get lost in today’s news, quickly forgetting yesterday’s threats.

Back Doors and Loopholes

Zinc is concerned about our clients’ cyber safety, so we felt it was our duty to keep this alert front and center. The DHS cybersecurity chief advised citizens to learn more about the network devices they’re using—"check what the vendor is, the make and the model...get online...download the vendor guidance for how to address it." Cisco has already been “actively informing customers about the necessary steps to secure” network devices.

It may take a bit of nosing around, but tracking down vendor suggestions on how to secure devices is a must. We’d also recommend that IT folks take a detailed look at the DHS alert and implement suggestions, staying alert to system weaknesses.

Affected systems:

  • Generic Routing Encapsulation (GRE) Enabled Devices
  • Cisco Smart Install (SMI) Enabled Devices
  • Simple Network Management Protocol (SNMP) Enabled Network Devices

So what’s really going on here? The alert warns that outdated or unsecured systems could allow threat actors to get inside company or home networks and exploit security loopholes. This could mean redirecting internet traffic (“spoofing”), stealing login credentials, and editing system settings, among other sneaky moves. Scarier still is the fact that these cybercrooks don’t have to resort to installing malware or other viruses–the system’s weak spots are a built-in back door.

The DHS notes that a prime factor in this breakdown is a neglect to update security systems or download patches that fix weak spots. With holes left open to known threats, it’s easier than easy for cyber criminals to walk right in and hijack or manipulate a system.

“These factors allow for both intermittent and persistent access to both intellectual property and U.S. critical infrastructure that supports the health and safety of the U.S. population.”

All that said, how can you and I—the everyday, average internet users–protect ourselves? The alert goes on to detail the method:

  • Secure routers or other network devices that connect a user to the internet—they’re the most likely targets of cyber intrusion
  • Run antivirus, integrity-maintenance, and other security tools that offer generalized protection
  • Change vendor default settings, “harden” network devices for operations, or perform regular patching
  • Change devices’ default passwords; enforce a strong password policy

The alert also lists plenty of tech-speak for IT handyfolk, explaining specifics that can be implemented to avoid infiltration. The DHS encourages anyone who identifies the criminal use of listed tools or techniques to immediately report information to the National Cybersecurity and Communications Integration Center (NCCIC) or law enforcement.

NCCIC:
customerservice@hq.dhs.gov
888-282-0870

FBI (field office or Cyber Division):
CyWatch@fbi.gov
855-292-3937

In It to Win It Together

Cyber security is a big deal to us at zinc. Our customers entrust us with their data, and we’re committed to protecting that trust. We do all we can to keep their information safe—it’s all about that give and take.

The DHS cybersecurity chief says it best: "...we need individuals - consumers, citizens - and we need companies to all recognize that they have a role to play in keeping this Internet ecosystem safe." So let’s all do our respective parts in cleaning up our cyber habits and making cyber security “Our Shared Responsibility.”

You can share this post!

Cybercasing

Where's the Beef?

Terms & Conditions

These Terms & Conditions govern your use of this website; your use of this website indicates your acceptance of these Terms & Conditions in full.

Kindly note that the information and content provided on this website does not constitute professional advice. Although we do our best to keep everything on this site correct and up-to-date, we do not guarantee the completeness or accuracy of any information provided on this website. Improvements and/or changes in the products, services and/or programs described on this website may be made at any time without notice. We must also advise that hypertext links to other websites do not constitute an endorsement, nor do we guarantee any information provided by those sites.

While we do love when users share what they find on our website, it may be used or shared only for personal purposes. The information and content provided on this website is owned or licensed by Zinc, and should not be used or disseminated for any profit or gain.

While using this website, please be aware that no insurance coverages can be bound and no amendments, supplements, or modifications can be added to your policy, new or existing, unless and until you have received a written binder from us or your insurance company.

For users outside of the US: We make no claims that the content on this web site is appropriate or may be downloaded outside of the United States. If you access the site from outside the United States, you do so at your own risk and are responsible for compliance with the laws of your jurisdiction.

Even though we work hard to ensure the security and safety of our website and its users, we cannot and do not guarantee that this website will operate error-free, nor that this website and its server are without computer viruses or other harmful material. If your use of this website or material from it results in any costs or expenses, we will not be responsible for those costs or expenses. This website and its materials are provided without any warranties of any kind, to the fullest extent permitted by law.

Please bear in mind that we will not be liable for any losses or damages arising under these Terms & Conditions or in connection with this website, whether arising in tort, contract, or otherwise – including, without limitation, any loss of profit, contracts, business, goodwill, data, income, revenue or anticipated savings.

Finally, if for any reason any portion or provision of these Terms & Conditions is ruled to be unenforceable, that provision will be enforced to the maximum extent permissible so as to affect the intent of the Terms & Conditions, and the remainder of the Terms & Conditions will continue in full force and effect.

Request a Quote

Uh oh! Something seems to be amiss. Please check your entries and try again.

Transmission Received

Thanks for getting in touch! You'll receive a confirmation email shortly.