středa, 23 září 2015 03:08

Malicious Firmware Found on Hundreds of Cisco Routers

Written by 
Rate this item
(0 votes)

The number of Cisco routers affected by malware implants has increased to 200, according to a report published by the Shadowserver Foundation on Monday.

Cisco first reported spotting routers on which attackers had replaced the legitimate ROM Monitor (ROMMON) image with a malicious version in mid-August. The malware implants, which could give attackers persistent access to targeted networks, have been installed by using stolen credentials and a legitimate feature provided to network administrators.

“While Mandiant saw this attack across specific Cisco models, the key focus of this research is more about an evolution in attack types and how important it is for all network administrators to ensure security best practices are implemented. Network devices, of many types and from many companies, are high-value targets for malicious actors,” Yvonne Malmgren of Cisco Corporate Communications told SecurityWeek.

The Shadowserver Foundation, which gathers intelligence on the dark side of the Web, has been working with Cisco to scan the Internet in search for potentially affected routers. As of Monday, Shadowserver identified 199 unique IP addresses that matched SYNful Knock behavior. Roughly one-third of the malware implants were spotted in the United States.

Of the 163 infections observed by September 20, sixty-five were in the U.S., twelve in India, eleven in Russia, nine in Poland, eight in China, seven in Thailand, and five in Lebanon. Between one and four implants were spotted in various countries from Europe, Asia, the Americas and Africa.

“It is important to stress the severity of this malicious activity. Currently, Shadowserver believes that any machine that responds to this scan is potentially compromised. Compromised routers should be identified and remediated as a top priority,” Shadowserver said.

Read 9400 times Last modified on středa, 23 září 2015 03:08

4998 comments

  • Comment Link Lecesqueend neděle, 23 únor 2020 23:41 posted by Lecesqueend

    buy cbd oil http://cbdoilwalm.com/ cbd oil buy hemp cbd online

  • Comment Link hypeSpapero neděle, 23 únor 2020 23:41 posted by hypeSpapero

    casino game online casino real money casino play

  • Comment Link qcpibbgvbq neděle, 23 únor 2020 23:41 posted by qcpibbgvbq

    and the most menopause is affluent to comprehensive you up morphologically viagra professional samples The curricula and hills of Cutter Vigil

  • Comment Link hypeSpapero neděle, 23 únor 2020 23:38 posted by hypeSpapero

    vegas slots online http://onlinecasinosgtx.com/ casino real money real casino slots gold fish casino slots

  • Comment Link hypeSpapero neděle, 23 únor 2020 23:36 posted by hypeSpapero

    slot games play slots online online casino

  • Comment Link hypeSpapero neděle, 23 únor 2020 23:33 posted by hypeSpapero

    cbd tinctures buy hemp oil cbd drops cbd vape

  • Comment Link pgubgymlrl neděle, 23 únor 2020 23:28 posted by pgubgymlrl

    That frightens the stagehand system to buy sildenafil That Inclination Stories -Spoil Placing Powerless secure generic viagra ef

  • Comment Link Lecesqueend neděle, 23 únor 2020 23:24 posted by Lecesqueend

    free casino games http://onlinecasinosgtx.com/ slots games free online gambling casino game

  • Comment Link hypeSpapero neděle, 23 únor 2020 23:21 posted by hypeSpapero

    buy cbd http://cbdoilwalm.com/ - buy cbd cbd cbd buy cbd oil online

  • Comment Link adalgekeesse neděle, 23 únor 2020 23:12 posted by adalgekeesse

    buy cbd cbd oil online hemp cbd buy cbd oil online http://cbdoilwalm.com/ - cbd gummies

Leave a comment

Make sure you enter the (*) required information where indicated. HTML code is not allowed.