Friday 14 August 2015

Cisco Warns Of Attacks Via Infected IOS Images


Cisco has warned businesses of sophisticated attacks against customers using Cisco IOS software. The Cisco Internetwork Operating System (IOS) is the operating system installed on most network equipment from Cisco.

In the attacks now being observed, an attacker with physical or administrative access gains access to an IOS device. The Cisco IOS ROMMON image (the IOS bootstrap) is then replaced by a malicious image, so that the attacker maintains full control of the network device. In all cases, the attackers managed to sign in with valid administrator credentials.

They installed the malicious ROMMON image through the upgrade mechanism, after which the device was restarted. The advantage of this method of attack is that the attacker retains control of the device even if it is restarted. Since upgrading the ROMMON image is a standard feature of IOS, this is, according to Cisco, not a vulnerability. Cisco has put several documents online about the attack and about securing IOS, and advises customers to go through them.
