CHARLOTTE, NC – Calyptix Security Corp. today published a technical report in response to warnings of a Russian cyber attack on network infrastructure devices across the globe. In the report, Calyptix describes the attack and its impact on the company’s flagship product, AccessEnforcer UTM Firewall.
The Russian attack aims to exploit network infrastructure devices – including routers, switches, and firewalls – at businesses and governments worldwide, according to technical alert TA18-106A, published last week by the U.S. Department of Homeland Security (DHS), the U.S. Federal Bureau of Investigation (FBI), and the U.K. National Cyber Security Centre (NCSC).
The attack methods described affect devices with one or more of the following services enabled: Cisco Smart Install (SMI), Generic Routing Encapsulation (GRE), and Simple Network Management Protocol (SNMP).
“The most significant attacks described in the alert – those that leverage SMI – do not apply to AccessEnforcer,” said Ben Yarbrough, CEO, Calyptix Security Corp.
The technical report from Calyptix, “Russian Cyber Attack Warning and Impact on AccessEnforcer UTM Firewall,” describes the attack, the impact on AccessEnforcer, and recommendations for Calyptix partners and customers to protect their networks.
In the report, Calyptix notes AccessEnforcer does not support SMI or GRE tunneling and provides only a limited SNMP service.
The SNMP agent (version 2) in AccessEnforcer is disabled by default. Once enabled, it makes AccessEnforcer system data available to SNMP monitoring tools. The agent is read-only and cannot initiate management actions or configuration changes, according to the Calyptix report.
“SNMP agents should never be enabled on a public WAN or other untrusted network. Also, SNMP community strings should follow best practices for password complexity,” according to the Calyptix report.
Authorities attribute the cyber attack to Russian state-sponsored actors and say they are targeting government organizations, private sector organizations, critical infrastructure providers, and internet service providers (ISPs). Attackers typically establish a man-in-the-middle position after compromising a device, allowing them to extract or modify device configurations, create GRE tunnels, or redirect network traffic.
About Calyptix Security
Calyptix Security is dedicated to helping small and medium-size businesses secure their networks so they can raise profits, protect investments, and control technology. The company’s flagship product, AccessEnforcer UTM Firewall, makes it easy to protect SMB networks so companies can forget about network security and focus on winning. Developed, built, and serviced in the U.S., AccessEnforcer is a flexible solution for MSPs and VARs to provide security that fits their needs and business models.