Cisco routers exposed to SYNful Knock cyber attacks
2015-09-15 13:57 by Daniela
Tags: Cisco, router, security
Researchers at FireEye have warned about recent attacks in which hackers modify the firmware of Cisco routers and thereby gain access to vast amounts of data from the routers' networks.
This shows that the supposedly mythical router implant attack is not a myth but a real threat. 14 hacked routers have been identified so far in India, Mexico, the Philippines and Ukraine. The SYNful Knock threat has been found in Cisco 1841, 2811 and 3825 routers.
By replacing a device's operating system, hackers gain control over all of the data that sits behind that router, and often the networks of multiple companies and organizations. Attackers can also use the router as an entry point to launch additional attacks against the rest of the infrastructure.
"We believe that the detection of SYNful Knock is just the tip of the iceberg when it comes to attacks using modified router images (regardless of vendor)," the company said in a statement that serves as a teaser for a full report on the subject.
"As attackers focus their efforts on gaining persistent access, it is likely that other undetected variants of this implant are being deployed throughout the globe. Addressing this new threat vector will require a different type of approach and will certainly reveal information about previously unknown compromises."
Cisco is the world's biggest router manufacturer. Its routers are often used in corporate and government networks, which makes such attacks even more severe. However, the attack is vendor agnostic, meaning it would be just as effective on a router made by any other manufacturer.