The world’s biggest maker of routers is fighting a startlingly effective new cyber attack. Security researchers say they have uncovered clandestine attacks across three continents on the routers that direct traffic around the internet, potentially allowing suspected cyber spies to harvest vast amounts of data while going undetected. Lamar Bailey, vulnerability and exposures team leader at Tripwire, commented on the routers under cyber attack.
Lamar Bailey, Vulnerability and Exposures Team Leader at Tripwire:
Routers are one of the Holy Grail targets for attackers because they lie outside of many normal security protections. It appears that attackers have targeted specific routers and firmware versions and they are able to gain access to the routers via weak or default credentials. Once the router is compromised they overwrite the firmware with modified, malicious versions designed to run on the specific hardware.
It’s likely that these attackers have either bought these routers new or purchased used ones off eBay in order to reverse engineer the firmware and create malicious versions. Modifying firmware for your own needs or to add new features is a common practice and has been used to great success on home routers and access points (see HERE, HERE, and HERE etc.) This is just the same practice used on a grander scale in order to facilitate cybercrime. The new firmware operates like the original but has some added features that allow the attackers to snoop on the traffic passing through the device.
In order to protect themselves, organizations need to tightly control access to their routers, use strong passwords, and monitor them closely for configuration changes that can indicate compromise.

About Tripwire
Tripwire is a leading provider of advanced threat, security and compliance solutions that enable enterprises, service providers and government agencies to confidently detect, prevent and respond to cybersecurity threats. Tripwire solutions are based on high-fidelity asset visibility and deep endpoint intelligence combined with business-context and enable security automation through enterprise integration. Tripwire’s portfolio of enterprise-class security solutions includes configuration and policy management, file integrity monitoring, vulnerability management and log intelligence.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.