Hundreds of Cisco Routers Carrying Malware

Nearly 200 Cisco internet routers have been found to carry malware, reports the volunteer internet security organisation Shadowserver Foundation. News of infected Cisco routers was first reported by the company itself back in August, when it was revealed that attackers had replaced the firmware on the devices with malicious implants, giving them full access to the affected networks and all information passing through them.

Last week, Mandiant of FireEye claimed that 14 infected Cisco routers had been found across four countries, calling the threat SYNful Knock, though Cisco was quick to point out that it is not the only vendor vulnerable to such an attack.

“While Mandiant saw this attack across specific Cisco models, the key focus of this research is more about an evolution in attack types and how important it is for all network administrators to ensure security best practices are implemented,” Yvonne Malmgren, Business Critical Communications Manager for Cisco Corporate Communications, told SecurityWeek. “Network devices, of many types and from many companies, are high-value targets for malicious actors.”

Mandiant later reported that the number of confirmed infections of Cisco hardware had risen to 79, across 19 countries. Monday then brought the news, courtesy of Shadowserver, that 199 routers were found to be carrying SYNful Knock, one-third of which are believed to be within the US.

“It is important to stress the severity of this malicious activity. Currently, Shadowserver believes that any machine that responds to this scan is potentially compromised. Compromised routers should be identified and remediated as a top priority,” a Shadowserver spokesperson said.

Cisco has published an article on the detection and mitigation of SYNful Knock.

Thank you Security Week for providing us with this information.

Image courtesy of diTii.

Sony Hires Mandiant, a Forensics Unit, to Clean Up After Cyber Attack

Mandiant, FireEye Inc.’s forensics unit, has been recruited by Sony Pictures Entertainment to restore and strengthen its computer network in the wake of a cyber attack that resulted in five unreleased movies being leaked online. The FBI has opened an investigation into the incident.

Last Monday, Sony’s system went down, replaced by a red skull and the phrase “Hacked by the #GOP”. The GOP in this instance is not the nickname for the US Republican Party, but a hacker group known as Guardians of Peace. Though Sony have refused to comment on the extent to which their servers have been compromised, e-mails to Sony employees have been bouncing back with a message asking the sender to call the person in question, as the system was “experiencing a disruption”.

Mandiant has a track record of responding to such attacks, having performed a similar role after the Target Corp breach in 2013.

Source: Reuters