Cisco routers targeted in sophisticated hack
Attack allows hackers to harvest vast amounts of data while going undetected by current cybersecurity defences
Security researchers from FireEye have uncovered attacks across three continents on Cisco enterprise routers, Reuters reports.
In the attacks, a highly sophisticated form of malicious software, dubbed SYNful Knock, has been implanted in routers made by Cisco, the world's biggest supplier.
Such attacks on routers were thought to be theoretical in nature, and especially so in actual use, but now FireEye, through its forensic arm Mandiant, can confirm the existence of at least 14 such router implants spread across four countries: Ukraine, the Philippines, Mexico, and India.
Routers are attractive to hackers because they operate outside the perimeter of firewalls, anti-virus, behavioural detection software and other security tools that organizations use to safeguard data traffic.
Cisco confirmed it had alerted customers to the attacks in August and said they were not due to any vulnerability in its own software. Instead, the attackers stole valid network administration credentials from targeted organizations or managed to gain physical access to the routers.
Because the attacks actually replace the basic software controlling the routers, infections persist when devices are shut off and restarted.
Network logs from infected routers suggest the attacks have been taking place for at least a year, FireEye's CEO told Reuters. The implanted software, which duplicates normal router functions, could also potentially affect routers from other makers, the CEO added.
Infected hardware devices include Cisco routers 1841, 2811 and 3825, FireEye said. Cisco had discontinued selling the products but still supports customers using them.
FireEye said it was only announcing its discovery after working with Cisco to quietly notify governments and affected parties.