The
attacks replace the operating system used in network equipment
from Cisco, the world's biggest maker of routers, the computer
forensic arm of U.S. security research firm FireEye, Mandiant,
said on Tuesday.
So far, Mandiant has found 14 instances of router implants in
India, Mexico, Philippines and Ukraine, the company said in a
blog post.
Separately, Cisco confirmed that it had alerted customers to
these attacks on Cisco operating system software platforms.
The company said that it had worked with Mandiant to develop
ways for customers detect the attack, which if found, will
require them to re-image the software used to control their
routers.
"If you own (seize control of) the router, you own the data of
all the companies and government organizations that sit behind
that router," FireEye Chief Executive Dave DeWalt said of his
company’s discovery.
Routers operate outside the perimeter of firewalls, anti-virus
and other security tools which organizations around the world
use to safeguard data traffic.
Effectively, the $80 billion which technology market research
firm IDC estimates is spent annually on cyber security tools
offer no protection against this form of attack, according to
FireEye.
The malicious program has been dubbed "SYNful", a reference to
how the implanted software can jump from router to router using
their syndication functions.
Computer logs from infected routers suggest the attacks have
been taking place for at least a year, FireEye's DeWalt said.
Cisco said SYNful did not take advantage of any vulnerability in
its own software. Instead it stole valid network administration
credentials from organizations targeted in the attacks or by
gaining physical access to their routers.
The affected routers have been used to hit multiple industries
and government agencies, DeWalt said.
The implanted software, which duplicates normal router
functions, could also potentially affect routers from other
makers, he said.
(Reporting by Eric Auchard; editing by Louise Heavens and Jason
Neely)
[© 2015 Thomson Reuters. All rights
reserved.] Copyright 2015 Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed.
|
|