Pwned Cisco Routers Spotted In The Wild Globally

This is scary if you’re someone who runs a network with Cisco hardware. It’s come to light via FireEye/Mandiant that more than a dozen compromised routers have been found in the wild, all of them Cisco hardware targeted as part of sophisticated attempts to hack into corporate and government networks. In short, because a router sits on the edge of your network, an attacker who pwns it pwns your network. Cisco is aware of this and put out an advisory last month, but that was based on theory. That’s now changed, as the Mandiant team found 14 instances of this attack, dubbed SYNful Knock, in four countries: Ukraine, the Philippines, Mexico, and India. What’s worse is that this style of attack has little risk of being detected because nobody watches these devices from a security standpoint, which means that you might be pwned and not know it.

The threat is summarized in a blog post here. It’s worth a read if you run a network with Cisco gear. And let’s be frank, what large-scale company doesn’t?
