Worldwide, there appear to have been hacked 79 Cisco routers whose firmware is modified so that the attackers can still access the network. Which allow researchers from the University of Michigan, UC Berkeley and the International Computer Science Institute know.
This week security firm FireEye announced that it had discovered 14 routers where attackers replaced the firmware. How the attackers access to the routers were able to get is unknown, but according to FireEye is probably not using a zero day attack. Earlier also warned Cisco for these attacks and suggested that the attackers with valid credentials to gain access to the routers know.
Once the custom firmware is active can be accessed using special TCP SYN packets. The researchers used ZMap scanner to go through all the public IPv4 addresses on the Internet and to send these packets. A total of 79 routers discovered that responded to the packets, such as would be the case with the custom firmware. 25 of the routers are in the United States. Lebanon (12) and Russia (8) follow at a distance. The researchers are now working to notify all affected organizations.
No comments:
Post a Comment