Sunday 11 October 2015

Cisco Unveils Previous Malware Attacks On Routers



It was recently announced that routers from networking giant Cisco had become the target of malware, but more such incidents have taken place in the past. In total, six malware attacks have been discovered and examined over the past four years, Cisco itself has disclosed.

The most recent incident concerns the SYNful Knock malware, in which attackers install a custom operating system on routers. Through the malware, the attackers keep their access to the corporate network, even after the router is reset. To install the malicious operating system, the attackers use physical access or stolen credentials.

The first two incidents in which malware was used date from 2011 and 2012. This was probably malware created specifically for a particular target. In these cases too, the operating system of the routers was modified, with the aim of weakening the encryption. The traffic therefore still appeared to be encrypted, but the attackers could decrypt it with less effort.

IPv4 packets

Two other incidents were identified in 2013. Again, the attacker managed to access the router with stolen administrator credentials, after which code was added to it. This code ensured that certain IPv4 packets were sent to the attacker. In addition, the added code let the attacker reach an IPv4 address that was normally not accessible from the Internet.

At the end of 2014 the fifth incident was noticed. Again, the attack began with stolen credentials. Compared with the previous incidents, the attackers this time used advanced malware that was able to survive a reboot of the router. This malware also aimed to intercept certain packets and give the attacker access from the public Internet.

Cisco says that since the discovery of the first malware it has taken various measures to better protect the equipment. The attacks, however, continue to evolve. The networking giant therefore says that in the medium term it will add detection and recovery capabilities to the equipment.
