Researchers Find Evidence of Major Attack on Cisco Routers

Routers operate outside the perimeter of firewalls, anti-virus and other security tools which organisations around the world use to safeguard data traffic.

In a blog post, Cisco confirmed that it’s alerted customers vulnerable to the malicious software.

“For those who personal (seize management of) the router, you personal the info of all the businesses and authorities organizations that sit behind that router”, FireEye Chief Government Dave DeWalt stated of his firm’s discovery. Rather, attackers seem to be taking advantage of routers that use passwords that are factory default or are somehow otherwise known. Instead, hackers need access to valid administrative credentials or physical access to the victim’s device.

The SYNful Knock threat has been found in Cisco routers in India, Mexico, the Philippines and the Ukraine, and represents a new attack method and a way of parting companies from their data, Mandiant warned.

“As we saw with attackers adopting nascent services like Twitter and Microsoft TechNet to carry out their attacks and obfuscate their activity, we see here that a very uncommon attack vector has opened a worldwide threat that is highly hard to detect”, Mandiant said. A clandestine modification of the router’s firmware image can be used to maintain perpetual presence in an environment.

Cyber-spies have managed to plant snooping software in Cisco routers, located on three continents, which direct traffic around the Internet.

The malicious programme has been nicknamed “SYNful” in reference to how the implanted software can jump from router to router using the device’s syndication functions.

Cisco (CSCO – Get Report) stock is advancing by 1.28% to $26.03 in late afternoon trading on Tuesday, despite router break-ins that were discovered by security research firm FireEye (FEYE).

Experts reckon there are only a small number of nations with cyber intelligence services which are capable of such attacks on network equipment, including those of Britain, China, Israel, Russian Federation and the United States.

FireEye said the compromises affected companies in various industries as well as government agencies, and appeared to have been in place for at least a year before being discovered.

But the attack is vendor agnostic, meaning it would be just as effective on any router made by any other manufacturer.

The implanted software program, which duplicates regular router features, might additionally probably have an effect on routers from different makers, he stated. Cisco did not immediately respond to PCMag’s request for comment, but Reuters reports that the company has stopped selling these products, though it still provides support for them.

Note: Our initial identification revealed that other models are likely affected based on the similarity in core functionality and IOS code base. “We thought it was best to release this so everyone can fix their routers as fast as possible”, DeWalt said.