Cisco router attacks hit 4 countries including India: FireEye

By: |
Updated: September 16, 2015 10:13 AM

Cisco routers in India, Ukraine, Philippines and Mexico have been attacked by a sophisticated malicious software that possibly allows cybercriminals to harvest huge amounts of data without being detected, security solutions firm FireEye said today.

ciscoCisco routers in India, Ukraine, Philippines and Mexico have been attacked by a sophisticated malicious software that possibly allows cybercriminals to harvest huge amounts of data without being detected, security solutions firm FireEye said today. (Reuters)

Cisco routers in India, Ukraine, Philippines and Mexico have been attacked by a sophisticated malicious software that possibly allows cybercriminals to harvest huge amounts of data without being detected, security solutions firm FireEye said today.

These routers are installed at strategic locations in India, including at AFNET — which is considered as a secure communication network for Indian Air Force.

The US-based firm is a major supplier to many Indian telecom companies as well.

The attack, which uses a highly sophisticated malicious software called SYNful Knock, has been implanted in routers made by Cisco, FireEye said in its report.

“Mandiant (a FireEye company) can confirm the existence of at least 14 such router implants spread across four different countries: Ukraine, Philippines, Mexico and India,” it added.

Cisco confirmed the attacks saying it has recently alerted its customers to a new sort of attack against networking devices.

“These attacks do not exploit vulnerabilities, but instead use compromised credentials or physical access to install malware on network devices. We’ve shared guidance on how customers can harden their network and prevent, detect and remediate this type of attack,” a Cisco spokesperson said.

FireEye said the router’s position in the network makes it an ideal target for re-entry or further infection.

“The impact of finding this implant on your network is severe and most likely indicates the presence of other footholds or compromised systems. This backdoor provides ample capability for the attacker to propagate and compromise other hosts and critical data using this as a very stealthy beachhead,” it said.

Hackers attack routers as they operate outside the boundaries of firewalls, anti-virus and other security tools that organisations use to safeguard their data traffic.

FireEye said its findings represent the tip of the iceberg on the issue and that further research will be needed to assess the extent of the issue.

Get live Stock Prices from BSE, NSE, US Market and latest NAV, portfolio of Mutual Funds, Check out latest IPO News, Best Performing IPOs, calculate your tax by Income Tax Calculator, know market’s Top Gainers, Top Losers & Best Equity Funds. Like us on Facebook and follow us on Twitter.

Financial Express is now on Telegram. Click here to join our channel and stay updated with the latest Biz news and updates.

Next Stories
1It’s ‘learn from home’ after WFH amid COVID pandemic; Edtech helps in upskilling, reskilling of employees
2Pre-packaged insolvency resolution under IBC for MSMEs: Challenges that may arise in implementation
3Unemployment surges to 10.72% amid COVID-19 pandemic; digital upskilling may help revive job market