Multiple Industries and Government Agencies Hit.
Security researchers say they have discovered illegal attacks on three continents in routers that direct traffic on the Internet, potentially allowing suspects cyberspies to collect large amounts of data to pass unnoticed.
In the attacks, a very sophisticated form of malware, dubbed Strike Synful, was implemented in routers manufactured by Cisco CSCO, the largest supplier in the world, the US company's security research FireEye said Tuesday.
Routers are attractive to hackers because they operate outside the perimeter firewall, antivirus, behavioral detection software and other security tools that organizations use to protect data traffic. So far, they considered vulnerable to denial of service through sustained dams million packets of data, but do not take directly.
"If you own (take over) the router is the owner of the data of all companies and government organizations that are behind the router," said CEO Dave DeWalt FireEye Reuters his discovery company.
"This is the tool of espionage last, the ultimate tool of corporate espionage, the tool cybercrime final" DeWalt said.The attacks are multiple industries and government agencies affected, he said.
Cisco confirmed that it had warned customers to attacks in August and said it should not vulnerability in its software. Instead, the attackers stole the credentials of organizations specific network management valid or failed to win for themselves the physical access to the router.
"We shared a guide on how customers can harden the network, and prevent, detect and correct this type of attack," Cisco said in a statement.
In the attacks, a very sophisticated form of malware, dubbed Strike Synful, was implemented in routers manufactured by Cisco CSCO, the largest supplier in the world, the US company's security research FireEye said Tuesday.
Routers are attractive to hackers because they operate outside the perimeter firewall, antivirus, behavioral detection software and other security tools that organizations use to protect data traffic. So far, they considered vulnerable to denial of service through sustained dams million packets of data, but do not take directly.
"If you own (take over) the router is the owner of the data of all companies and government organizations that are behind the router," said CEO Dave DeWalt FireEye Reuters his discovery company.
"This is the tool of espionage last, the ultimate tool of corporate espionage, the tool cybercrime final" DeWalt said.The attacks are multiple industries and government agencies affected, he said.
Cisco confirmed that it had warned customers to attacks in August and said it should not vulnerability in its software. Instead, the attackers stole the credentials of organizations specific network management valid or failed to win for themselves the physical access to the router.
"We shared a guide on how customers can harden the network, and prevent, detect and correct this type of attack," Cisco said in a statement.
Cyberspies responsible Viewed
Total computer forensic arm FireEye Mandiant been found so far 14 cases of prosthesis router in India, Mexico, the Philippines and Ukraine, the company said in a blog. He added that this could be just the tip of the iceberg in terms of attacks-yet-to-be-discovered.
Because the attacks actually replace the control software router base, infections persist when the devices are turned off and restarted. If found to be infected, FireEye said the base software used to control the router must be re-photographed a time consuming task for engineers.
So far, infections of commercial routers, but not unknown, remained largely theoretical threats, DeWalt said, unlike router and consumables used in the home, according to media reports that have been affected by malware in recent years.
Experts estimate that there are only a small number of countries with the intelligence services of information are capable of such attacks on network computers, including Britain, China, Israel, Russia and the United States.
"This business can be obtained only by a handful of players in the nation-state," said DeWalt, although he declined to name the countries that he suspected might be behind the attacks on Cisco routers.
The malware has been dubbed "Synful" in reference to the way the software implemented can jump from one router to another using registers functions.Network syndication infected router device suggest the attacks have taken place for at least a year, said CEO FireEye .
The implemented software that doubles the normal functions of the router, the router could also affect party hardware devices DeWalt said.Infected include the Cisco 1841, 2811 and 3825, FireEye said. Cisco had discontinued products, but customers still support them.
FireEye said he was announcing his discovery only after working with Cisco to communicate quietly governments and stakeholders. "We thought it was best to release this so that everyone can set their routers as quickly as possible," said DeWalt.
Total computer forensic arm FireEye Mandiant been found so far 14 cases of prosthesis router in India, Mexico, the Philippines and Ukraine, the company said in a blog. He added that this could be just the tip of the iceberg in terms of attacks-yet-to-be-discovered.
Because the attacks actually replace the control software router base, infections persist when the devices are turned off and restarted. If found to be infected, FireEye said the base software used to control the router must be re-photographed a time consuming task for engineers.
So far, infections of commercial routers, but not unknown, remained largely theoretical threats, DeWalt said, unlike router and consumables used in the home, according to media reports that have been affected by malware in recent years.
Experts estimate that there are only a small number of countries with the intelligence services of information are capable of such attacks on network computers, including Britain, China, Israel, Russia and the United States.
"This business can be obtained only by a handful of players in the nation-state," said DeWalt, although he declined to name the countries that he suspected might be behind the attacks on Cisco routers.
The malware has been dubbed "Synful" in reference to the way the software implemented can jump from one router to another using registers functions.Network syndication infected router device suggest the attacks have taken place for at least a year, said CEO FireEye .
The implemented software that doubles the normal functions of the router, the router could also affect party hardware devices DeWalt said.Infected include the Cisco 1841, 2811 and 3825, FireEye said. Cisco had discontinued products, but customers still support them.
FireEye said he was announcing his discovery only after working with Cisco to communicate quietly governments and stakeholders. "We thought it was best to release this so that everyone can set their routers as quickly as possible," said DeWalt.
0 comments:
Post a Comment
Note: only a member of this blog may post a comment.