Cisco router attacks duck cyber defenses,
hit four countries
[September 15, 2015]
By Eric Auchard
FRANKFURT (Reuters) - Security researchers
say they have uncovered previously unknown attacks on routers which
direct traffic around the Internet, allowing hackers to harvest vast
amounts of data while going undetected by existing cyber security
defenses.
The attacks replace the operating system used in network equipment
from Cisco <CSCO.O>, the world's biggest maker of routers, the
computer forensic arm of U.S. security research firm FireEye
<FEYE.O>, Mandiant, said on Tuesday.
So far, Mandiant has found 14 instances of router implants in India,
Mexico, Philippines and Ukraine, the company said in a blog post.
Separately, Cisco confirmed that it had alerted customers to these
attacks on Cisco operating system software platforms.
The company said that it had worked with Mandiant to develop ways
for customers to detect the attack, which, if found, will require them
to re-image the software used to control their routers.
"If you own (seize control of) the router, you own the data of all
the companies and government organizations that sit behind that
router," FireEye Chief Executive Dave DeWalt said of his company’s
discovery.
Routers operate outside the perimeter of firewalls, anti-virus and
other security tools which organizations around the world use to
safeguard data traffic.
Effectively, the $80 billion which technology market research firm
IDC estimates is spent annually on cyber security tools offers no
protection against this form of attack, according to FireEye.
The malicious program has been dubbed "SYNful", a reference to how
the implanted software can jump from router to router using their
syndication functions.
Computer logs from infected routers suggest the attacks have been
taking place for at least a year, FireEye's DeWalt said.
Cisco said SYNful did not take advantage of any vulnerability in its
own software. Instead, it relied on valid network administration
credentials stolen from organizations targeted in the attacks, or on
physical access to their routers.
The affected routers have been used to hit multiple industries and
government agencies, DeWalt said.
The implanted software, which duplicates normal router functions,
could also potentially affect routers from other makers, he said.
(Reporting by Eric Auchard; editing by Louise Heavens and Jason
Neely)
[© 2015 Thomson Reuters. All rights
reserved.]