The world's biggest maker of routers is fighting a startlingly effective new cyber attack.
Security researchers say they have uncovered clandestine attacks across three continents on the routers that direct traffic around the internet, potentially allowing suspected cyber spies to harvest vast amounts of data while going undetected.
In the attacks, a highly sophisticated form of malicious software, dubbed SYNful Knock, has been implanted in routers made by Cisco, the world's top supplier, the US security research firm FireEye said on Tuesday.
http://uk.businessinsider.com/r-cisco-routers-vulnerable-to-new-attack-cyber-firm-fireeye-says-2015-9?r=US&IR=T
Lamar Bailey, Vulnerability and Exposures Team Leader at Tripwire, explains: “Routers are one of the Holy Grail targets for attackers because they lie outside of many normal security protections. It appears that attackers have targeted specific routers and firmware versions and they are able to gain access to the routers via weak or default credentials. Once the router is compromised, they overwrite the firmware with modified, malicious versions designed to run on the specific hardware.
It’s likely that these attackers have either bought these routers new or purchased used ones off eBay in order to reverse engineer the firmware and create malicious versions. Modifying firmware for your own needs or to add new features is a common practice and has been used to great success on home routers and access points (see https://www.dd-wrt.com/site/, https://openwrt.org/, http://www.polarcloud.com/tomato, etc.). This is just the same practice used on a grander scale in order to facilitate cybercrime. The new firmware operates like the original but has some added features that allow the attackers to snoop on the traffic passing through the device.
In order to protect themselves, organizations need to tightly control access to their routers, use strong passwords, and monitor them closely for configuration changes that can indicate compromise.”
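The advice above boils down to two checks an operator can actually automate: confirm that the image a router booted still hashes to the value the vendor published for it, and watch the running configuration for drift against a stored baseline. The script below is an added example written for this page; it is not code from the article, FireEye, Tripwire or Cisco. The hostnames, the `show version` / `verify /md5` / running-config text and every hash in it are constructed sample data, and the allow-list of "vendor" hashes is hypothetical (in practice those values come from the vendor's download page, never from the device). It parses the IOS-style output, normalises the configuration so that timestamps and auto-updated lines do not raise false alerts, and reports an image hash mismatch or a config diff as findings.

```python
"""Baseline check for router boot images and running configurations.

Added example for this page (not the article's, FireEye's, Tripwire's or
Cisco's code). All device output, hostnames and hashes below are constructed
sample data; the allow-list is hypothetical.
"""
import hashlib
import re
from difflib import unified_diff

# Hypothetical allow-list: image file name -> MD5 the vendor publishes for it.
# These must be taken from the vendor download page, never from the device.
TRUSTED_IMAGE_MD5 = {
    "c2900-universalk9-mz.SPA.154-3.M3.bin": "9e107d9d372bb6826bd81d3542a419d6",
}

# Lines that change on their own and would otherwise produce false drift alerts.
VOLATILE_CONFIG = re.compile(r"^(!|ntp clock-period |Building configuration)")


def parse_system_image(show_version: str) -> str:
    """Return the boot image file name from 'show version' output."""
    m = re.search(r'System image file is "(?:[\w-]+:)?([^"]+)"', show_version)
    if not m:
        raise ValueError("no 'System image file' line in show version output")
    return m.group(1)


def parse_verify_md5(verify_output: str) -> str:
    """Return the digest reported by 'verify /md5 flash:<image>'."""
    m = re.search(r"=\s*([0-9a-fA-F]{32})\s*$", verify_output, re.MULTILINE)
    if not m:
        raise ValueError("no MD5 digest in verify output")
    return m.group(1).lower()


def normalize_config(running_config: str) -> list[str]:
    """Drop comments, timestamps and auto-updated lines so only real changes count."""
    return [ln.rstrip() for ln in running_config.splitlines()
            if ln.strip() and not VOLATILE_CONFIG.match(ln)]


def config_fingerprint(running_config: str) -> str:
    """SHA-256 over the normalised configuration, stable across reboots."""
    joined = "\n".join(normalize_config(running_config))
    return hashlib.sha256(joined.encode()).hexdigest()


def audit_device(name, show_version, verify_output, running_config, baseline):
    """Compare a fresh snapshot with the stored baseline; return a list of findings.

    baseline = {"image": <expected image file name>, "config": <running-config at baseline>}
    An empty list means nothing changed.
    """
    findings = []
    image = parse_system_image(show_version)
    reported = parse_verify_md5(verify_output)

    if image != baseline["image"]:
        findings.append(f"{name}: boot image changed {baseline['image']} -> {image}")
    trusted = TRUSTED_IMAGE_MD5.get(image)
    if trusted is None:
        findings.append(f"{name}: image {image} is not on the vendor allow-list")
    elif reported != trusted:
        findings.append(f"{name}: image hash mismatch for {image}: "
                        f"device reports {reported}, vendor published {trusted}")

    if config_fingerprint(running_config) != config_fingerprint(baseline["config"]):
        diff = unified_diff(normalize_config(baseline["config"]), normalize_config(running_config),
                            "baseline", "current", lineterm="", n=0)
        findings.append(f"{name}: running-config drift:\n" + "\n".join(diff))
    return findings


# ---- constructed sample data (hypothetical device, hashes and secrets) ----
SHOW_VERSION = (
    "Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.4(3)M3\n"
    'System image file is "flash0:c2900-universalk9-mz.SPA.154-3.M3.bin"\n'
)
VERIFY_OK = "verify /md5 (flash0:c2900-universalk9-mz.SPA.154-3.M3.bin) = 9e107d9d372bb6826bd81d3542a419d6\n"
VERIFY_BAD = "verify /md5 (flash0:c2900-universalk9-mz.SPA.154-3.M3.bin) = e4d909c290d0fb1ca068ffaddf22cbd0\n"
BASELINE_CONFIG = """! Last configuration change at 10:02:11 UTC Mon Sep 14 2015
hostname edge-rtr-1
username admin privilege 15 secret 9 REDACTEDHASH1
ntp clock-period 17179869
line vty 0 4
 transport input ssh
"""
# Same device a day later: only the volatile lines differ, so no alert is expected.
CURRENT_CLEAN = BASELINE_CONFIG.replace("10:02:11 UTC Mon Sep 14", "09:41:03 UTC Tue Sep 15") \
                               .replace("17179869", "17179871")
# Tampered snapshot: an extra privileged user and a management service were added.
CURRENT_TAMPERED = CURRENT_CLEAN.replace(
    "ntp clock-period", "username backup privilege 15 secret 9 REDACTEDHASH2\nip http server\nntp clock-period")
BASELINE = {"image": "c2900-universalk9-mz.SPA.154-3.M3.bin", "config": BASELINE_CONFIG}

if __name__ == "__main__":
    for label, verify, cfg in (("clean", VERIFY_OK, CURRENT_CLEAN), ("tampered", VERIFY_BAD, CURRENT_TAMPERED)):
        print(f"== {label} ==")
        print("\n".join(audit_device("edge-rtr-1", SHOW_VERSION, verify, cfg, BASELINE)) or "no findings")
```

One caveat to keep in mind: `verify /md5` runs on the router itself, so an image that has already been tampered with is in a position to lie about its own hash. Treat this in-band check as a first line of detection and, where the platform allows it, validate the image file out of band as well (for example by copying it off the device and hashing it on a trusted host). Access control and credential hygiene, which the quote also stresses, are configuration items this script only observes, not enforces.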