Newsletter 02/18/2024 If you find this article of value, please help keep the blog going by making a contribution at GoFundMe or Paypal


Uncle Sam Says
Don't Be Indolent.  Change That Password!

Earlier this month, FBI Director Christopher Wray testified before the House of Representatives about an effort the FBI made to disable the Volt Typhoon hacking group and their fileless malware.  Volt Typhoon is just one example of fileless malware.  As explained by Microsoft Copilot, "No Files are Required."

Unlike typical malware that relies on downloading and executing files on your computer, fileless malware doesn't need to drop any files onto your hard drive. Instead, it operates directly within your computer's memory.

These innovative hacking techniques are also known as "Living Off the Land (LOTL)."  Again, citing MS Copilot:

No New Files: Unlike traditional malware attacks that rely on downloading and executing files, LOTL attacks do not require the installation of any code or scripts within the target system. Instead, the attacker leverages existing tools already present in the environment.

Beginning July 30, 2023, The Dispatches reported extensively last summer on how these new attacks do not involve infecting Windows or any other computer application or files; instead, attackers embedded their malware into home and small office routers.  These vulnerable Internet-connected devices then become the platform from which other cyberattacks are launched.

Volt Typhoon was the most widely discussed malware that employs these fileless techniques.  As Director Wray said in his testimony before Congress, and as explained in a DOJ Press Release, dated January 31, 2024, Chinese cyber terrorists leveraged vulnerabilities in often End Of Life (EOL) networking gear to plot and execute attacks on American critical infrastructure.  The title of Uncle Sam's Press Release told the whole story: "U.S. Government Disrupts Botnet People’s Republic of China Used to Conceal Hacking of Critical Infrastructure."  Also in the Press Release, Attorney General Merrick Garland is quoted saying:

The United States will continue to dismantle malicious cyber operations – including those sponsored by foreign governments – that undermine the security of the American people.

And, indeed, Uncle Sam continues to undo the damage done by this vulnerable end-of-life networking gear.  EOL products are those outdated devices and software that are no longer supported by their manufacturers and vendors.  Windows XP is a fine representative example of an EOL operating system.  Only under very unusual circumstances does Microsoft offer patches for Windows XP.

It's the end-of-life routers that the FBI is now urging Americans to replace.  In the same Press Release noted above, Special Agent in Charge Douglas Williams of the FBI Houston Field Office was quoted thusly:

By ensuring home and small-business routers are replaced after their end-of-life expiration, everyday citizens can protect both their personal cyber security and the digital safety of the United States. We need the American public’s vigilance and support to continue our fight against malicious PRC-sponsored cyber actors.

To this end, the FBI has also taken down another botnet thriving off of the land.  These attackers, however, exploited other vulnerabilities in home and small business routers.  This time, as Bleeping Computer reported on February 15, 2024, the hacker group responsible was "controlled by GRU Military Unit 26165, also tracked as APT28, Fancy Bear, and Sednit."  In its Press Release of February 15, 2024, the Department of Justice explains how it obtained a court order to disrupt a botnet that exploited the "Moobot malware on Ubiquiti Edge OS routers that still used publicly known default administrator passwords."  Here the fileless hacking techniques were less the result of EOL products than of publicly known default passwords that had allowed hackers access to Consumers' networks.

The DOJ Press Release states that its actions taken on these vulnerable routers to disable the Russian botnet are not permanent.  It states clearly that:

... the court-authorized steps to disconnect the routers from the Moobot network are temporary in nature; users can roll back the firewall rule changes by undertaking factory resets of their routers or by accessing their routers through their local network (e.g., via the routers’ web-based user interface).  However, a factory reset that is not also accompanied by a change of the default administrator password will return the router to its default administrator credentials, leaving the router open to reinfection or similar compromises.

Many newer routers come with random default passwords that are unique to each device.  Many, however, still use "password" or some other well known, or easily guessed, default password.  There are four steps Uncle Sam wants us all to take to harden our networks so as not to become ensnared in Fancy Bear's clutches.  These four steps are:

1.  Perform a hardware factory reset to flush the file systems of malicious files;
2.  Upgrade to the latest firmware version;
3.  Change any default usernames and passwords; and
4.  Implement strategic firewall rules to prevent the unwanted exposure of remote management services.

And, finally, the FBI strongly encourages router owners to avoid exposing their devices to the internet until they change the default passwords.
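As an added illustration (not from the post, the FBI or DOJ), here is a small Python audit of a router configuration that checks the conditions behind steps 2 through 4: administrator credentials still at a vendor default, firmware behind the current release, and a management service reachable from the WAN side. The configuration layout, the default-credential list, the firmware version strings and the sample routers are all constructed for this example and describe no real vendor's format.

```python
"""Audit a small-office router config against the hardening steps discussed above.
The config layout and every sample value are constructed for this example."""
from dataclasses import dataclass, field

# Vendor-default credential pairs that must not survive initial setup
# (constructed list; the DOJ release only says "publicly known").
DEFAULT_CREDENTIALS = {("admin", "admin"), ("admin", "password")}
# Management services that should never be reachable from the internet.
MANAGEMENT_SERVICES = {"ssh", "telnet", "http-gui", "https-gui"}

@dataclass
class RouterConfig:
    firmware: str                      # installed release, e.g. "1.10.7"
    latest_firmware: str               # current vendor release (operator-supplied)
    admin_user: str
    admin_password: str
    services: dict = field(default_factory=dict)  # service -> {"lan", "wan"} bindings
    wan_default_policy: str = "drop"   # default action for unsolicited WAN input
    wan_allow: set = field(default_factory=set)   # services explicitly permitted from WAN

def version_tuple(version: str) -> tuple:
    """Turn a dotted release like '1.10.7' into (1, 10, 7) for numeric comparison."""
    return tuple(int(part) for part in version.split("."))

def wan_exposed_services(cfg: RouterConfig) -> set:
    """A service is internet-reachable only if it binds the WAN interface and the
    WAN-input firewall lets the traffic through (explicitly or by default policy)."""
    bound = {name for name, ifaces in cfg.services.items() if "wan" in ifaces}
    return bound if cfg.wan_default_policy == "accept" else bound & cfg.wan_allow

def audit(cfg: RouterConfig) -> list:
    """Return sorted finding codes; an empty list means the config passes."""
    findings = []
    if (cfg.admin_user, cfg.admin_password) in DEFAULT_CREDENTIALS:
        findings.append("default-credentials")                    # step 3 undone
    if version_tuple(cfg.firmware) < version_tuple(cfg.latest_firmware):
        findings.append("firmware-outdated")                      # step 2 undone
    for svc in sorted(wan_exposed_services(cfg) & MANAGEMENT_SERVICES):
        findings.append(f"remote-mgmt-exposed:{svc}")             # step 4 undone
    return sorted(findings)

# Constructed samples: factory defaults with remote access left on, then the
# same router after the four steps (management reachable from the LAN only).
UNHARDENED = RouterConfig("1.10.7", "2.0.9", "admin", "admin",
                          {"ssh": {"lan", "wan"}, "https-gui": {"lan", "wan"}}, "accept")
HARDENED = RouterConfig("2.0.9", "2.0.9", "netadmin", "long-unique-passphrase",
                        {"ssh": {"lan"}, "https-gui": {"lan"}})
```

Running `audit(UNHARDENED)` reports all three problems, while `audit(HARDENED)` returns an empty list; the exposure check also shows why a service bound to the WAN port but blocked by a default-drop firewall rule does not count as exposed.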

The advice DOJ gives, however, may well be beyond the ability of many Consumers to perform.  It is now, however, each citizen's patriotic duty to harden their computer network.  If you do not know how to do these actions, please seek out a knowledgeable professional to help you keep Fancy Bear in hibernation.  Your school, your hospital and your local water treatment plant are all depending on you to do your duty to help keep this country and its citizens safe from those who only want to harm Americans and their allies.

"For the second time in two months, we’ve disrupted state-sponsored hackers from launching cyber-attacks behind the cover of compromised U.S. routers,” ... “We will continue to leverage all of our legal authorities to prevent harm and protect the public — whether the hackers are from Russia, China, or another global threat.”

— Deputy Attorney General Lisa Monaco

¯\_(ツ)_/¯
Gerald Reiff