Cisco routers in India, Ukraine, Philippines and Mexico have been attacked by a sophisticated malicious software that possibly allows cybercriminals to harvest huge amounts of data without being detected, security solutions firm FireEye said today.
Indian Air Force secured communication network AFNET, telecom operators and several other government departments use Cisco routers. However, it could not be ascertained which routers were compromised.
The US-based firm is a major supplier to many Indian telecom companies as well. The attack, which uses a highly sophisticated malicious software called SYNful Knock, has been implanted in routers made by Cisco, FireEye said in its report.
“Mandiant (a FireEye company) can confirm the existence of at least 14 such router implants spread across four different countries: Ukraine, Philippines, Mexico and India,” it added. Cisco confirmed the attacks saying it has recently alerted its customers to a new sort of attack against networking devices.
“These attacks do not exploit vulnerabilities, but instead use compromised credentials or physical access to install malware on network devices. We’ve shared guidance on how customers can harden their network and prevent, detect and remediate this type of attack,” a Cisco spokesperson said. FireEye said the router’s position in the network makes it an ideal target for re-entry or further infection.
“The impact of finding this implant on your network is severe and most likely indicates the presence of other footholds or compromised systems. This backdoor provides ample capability for the attacker to propagate and compromise other hosts and critical data using this as a very stealthy beachhead,” it said.
Hackers attack routers as they operate outside the boundaries of firewalls, anti-virus and other security tools that organisations use to safeguard their data traffic. FireEye said its findings represent the tip of the iceberg on the issue and that further research will be needed to assess the extent of the issue.