Recently, Cisco Systems made the news, but not the sort of news any Internet-related business wants to make. Their network hardware was hijacked, and hundreds of thousands of their customers were victims.
As this blog post from Kaspersky Labs reported right when the attack hit: “According to our sources, there’s a massive attack against Cisco switches going on right now—these switches are used in data-centers all across the globe.”
For those on a Cisco network, this was, and continues to be, a frustrating and potentially nightmarish issue. For those who don’t use Cisco networking switches, this event is a reminder that vulnerabilities exist everywhere, and constant vigilance is crucial.
What exactly went wrong?
More than 200,000 Cisco network router switches worldwide were hacked on Friday, April 6, 2018. This affected large Internet service providers and data centers across the world, especially in Iran, Russia, the United States, China, Europe and India. According to an Iranian government official, “Some 55,000 devices were affected in the United States and 14,000 in China.”
As a result of this hack, many users found their Internet connections blocked, websites down, and screens showing an American flag and the note, “We were tired of attacks from government-backed hackers on the United States and other countries.” It seems machines affected in the United States were collateral damage from an attack meant to hit foreign states. Anarchic hactivists are suspected, although no one has been charged.
Mounir Hahad, head of Juniper Threat Labs, a network and security product manufacturer confirmed initial suspicions when he said, “The vulnerability is severe enough to cause a lot of damage and implant a man-in-the-middle agent [a scheme we discussed in a past blog post], but it doesn’t look like the attacker took advantage of it. I suspect this is the work of a hacktivist group with sympathy toward the U.S., which had no intention to inflict serious damage.”
So, good news, we suppose. But it’s only good news compared to what may have been much worse news. A different group could have caused significantly more trouble such as inserting malicious code into networks, locking users out of systems unless ransomware was paid, and so on. And this could still happen. Cisco acted quickly in response to this problem, but there may be other vulnerabilities still yet unfound or exposed. One hacker news site reported that, according to Internet scanning engine Shodan, more than 165,000 systems were still vulnerable days after the attack. Those who didn’t update security patches may still be.
What can you do now?
If you think your system may have been infected, there are a few steps you can take to check. But even if you’re safe, for now, you may be exposed to other vulnerabilities in the future in unexpected ways. Single Path can help you build up your defenses, protect your systems, and help you rebound if you face a malicious computer attack.
As this story demonstrates, patching is critical for all IT assets, including networking components. Single Path provides a wide range of services, from security offerings like Patching, Desktop Security Risk Assessment and Managed Firewall, Content Filtering & Proxy Services, to consulting services so we can analyze your needs and provide ongoing support and advice. Doing nothing is never a good idea; instead, play it safe and play it smart with Single Path.