Links News Contact Us About us Privacy Terms FAQ Add feedback Invite a friend Bookmark
Home Games Members Blogs Photos Videos Music Groups Classifieds Events Polls Forums Articles Boards chat
venynx's blog / Uncategorized / 200,000 Cisco Network Switches Reportedly Hacked
200,000 Cisco Network Switches Reportedly Hacked
10 November, 201810 November, 2018 0 comments Uncategorized Uncategorized

200,000 Cisco Network Switches Reportedly Hacked Over 200,000 Cisco network switches or Network Management Software worldwide were hacked Friday, apparently affecting large internet service providers and data centers across the world, especially in Iran, Russia, the United States, China, Europe and India, according to an Iranian government official. The impact of the attack, including data loss, is not yet clear.

It's also not yet clear who carried out the attack. Who's Responsible? But Motherboard reports that someone in control of an email address left in the note on affected machines told the publication: "We were tired of attacks from government-backed hackers on the United States and other countries." Tim Erlin, a vice president at Tripwire, notes: "If you take the reported motivations of the attackers at face value, then you have to view compromised devices in the U.S. as collateral damage. It wasn't their intent to target them, but the internet doesn't always have clear national borders." Avivah Litan, vice president at Gartner Research, offers insights on who might be responsible.

"Because the attack is so visible, it seems more like the work of anarchic hactivists like Anonymous, who make anarchistic political statements in a very visible way," she says. "My take is that the more visible the threat, the less dangerous it is. These guys seems like a bunch of crazy, over-the-top, angry amateur hackers trying to get global attention. I wouldn't look for much logic in their targets - other than they are designed to get them the most attention." Mounir Hahad, head of Juniper Threat Labs at Juniper Networks, adds: "This doesn't look like a serious cyberattack by a well-organized and funded threat actor [nation-state]. The vulnerability is severe enough to cause a lot of damage and implant a man-in-the-middle agent, but it doesn't look like the attacker took advantage of it.

I suspect this is the work of a hacktivist group with sympathy toward the U.S., which had no intention to inflict serious damage." Devices Targeted Iran's minister for communication and information technology, Mohammad Javad Azari-Jahromi, says in a statement: "The attack apparently affected 200,000 router switches across the world in a widespread attack, including 3,500 switches in our country." About 55,000 devices were affected in the U.S. and 14,000 in China; other victims were located in Europe and India, Azari-Jahromi reports. The hacker attack on Cisco router equipment apparently exploited a vulnerability in software called Cisco Smart Install Client, which allows hackers to run arbitrary code on the vulnerable switches, according to a blog by Kaspersky Lab.

The hackers apparently reset the targeted devices, making them unavailable for reconfiguration and leaving a message that reads: "Do not mess with our election," displaying a U.S. flag on some screens, Kaspersky Lab explains. The statement from Iran's Azari-Jahromi says the attack, which hit internet service providers and cut off web access for subscribers, was made possible by a vulnerability in routers from Cisco, which had earlier issued a warning and provided a patch that some firms had failed to install over the Iranian New Year holiday.

Cisco's Assessment Nick Biasini, threat researcher at Cisco Talos, said in a blog post that by using computer search engine Shodan, it discovered over 168,000 systems are potentially exposed via the Cisco Smart Install Client in 2017, which is an improvement from the reported numbers in 2016, when Tenable reported observing 251,000 exposed Cisco Smart Install Clients. Cisco's executives believe that the hackers have taken advantage of the vulnerabilities, according to the blog. Biasini says that Cisco's Product Security Incident Response Team, after becoming aware of specific advanced actors targeting Cisco switches by leveraging a protocol misuse issue, issued an advisory detailing active scanning associated with Cisco Smart Install Clients, a legacy utility designed to allow no-touch installation of Cisco switches. Cisco contends that the attacks on ISPs and data centers are likely associated with nation-state actors, such as those described in the U.S. CERT's recent alert, which stated that Russian government cyber activity is targeting energy and other critical infrastructure sectors.

TagsTags:  
Comments
  • There are no comments yet

Description
venynx
Posts: 256
Comments: 18
venynx
Categories
Uncategorized (256)
Tags
1 treatment (1)
1 chemicals (1)
1 water (1)
1 mark (1)
1 irish (1)
1 standard (1)
1 1st (1)
Powered by:
BoonEx - Community Software; Dating And Social Networking Scripts; Video Chat And More.
Copyright © 2019 myVajra!