www.networkworld.com
151.101.66.165  Public Scan

URL: https://www.networkworld.com/article/3693753/cisco-warns-of-attacks-on-network-routers-firewalls.html
Submission: On June 23 via api from IN — Scanned from DE

Text Content

CISCO WARNS OF ATTACKS ON NETWORK ROUTERS, FIREWALLS


CISCO TALOS INTELLIGENCE GROUP'S WARNING FOLLOWS A UK NOTICE ABOUT INCREASING
EXPLOITS AGAINST PERIMETER-BASED NETWORKING EQUIPMENT.

By Michael Cooney

Senior Editor, Network World | Apr 18, 2023 4:26 pm PDT



Cisco’s Talos security intelligence group issued a warning today about an uptick
in highly sophisticated attacks on network infrastructure including routers and
firewalls.

The Cisco warning piggybacks on a similar joint warning issued today by the UK
National Cyber Security Centre (NCSC), the US National Security Agency (NSA),
the US Cybersecurity and Infrastructure Security Agency (CISA) and the US
Federal Bureau of Investigation (FBI), which noted an uptick in threats that in
part use an exploit that first came to light in 2017. That exploit targeted an
SNMP vulnerability in Cisco routers that the vendor patched in 2017.

But as Cisco and the government agencies noted, similar exploits are being aimed
at a broad set of multivendor networking gear, potentially including Juniper,
Extreme, Allied-Telesis, HP and others.

“The warning involves not just Cisco equipment, but any networking equipment
that sits at the perimeter or that might have access to traffic that a
significantly capable and well-tooled adversary might have an interest in
intercepting and modifying,” said JJ Cummings, Cisco Talos Threat Intelligence &
Interdiction team lead. Cummings leads the Talos team tasked with nation-state,
critical infrastructure, law enforcement, and intelligence-based concerns.



In a blog noting the increase in threats, Cisco Talos wrote: “We have observed
traffic manipulation, traffic copying, hidden configurations, router malware,
infrastructure reconnaissance, and active weakening of defenses by adversaries
operating on networking equipment. Given the variety of activities we have seen
adversaries engage in, they have shown a very high level of comfort and
expertise working within the confines of compromised networking equipment.”

National intelligence agencies and state-sponsored actors across the globe have
attacked network infrastructure as a primary target, Cisco stated. “Route/switch
devices are stable, infrequently examined from a security perspective, are often
poorly patched and provide deep network visibility.”



“The idea here is to get the messaging out that network operations teams need to
maybe start to approach things slightly differently or at least be more mindful
from a security perspective, because there are significantly capable adversaries
that are targeting their infrastructure that may or may not, in many of the
cases, been significantly tooled or monitored, or updated,” Cummings said. 

“What we do see primarily is threats targeting those devices and with these
types of attacks, somewhat aging—and certainly outdated from a software
perspective—devices,” Cummings said. “What we see in almost every
instance that I can think of, is the adversary also having some level of
pre-existing access to one degree or another to that device.”

Cisco noted a number of specific growing threats including:

 * The creation of Generic Routing Encapsulation (GRE) tunnels and the hijacking
   of DNS traffic, giving the actor the ability to observe and control DNS
   resolution.
 * Modifying memory to reintroduce vulnerabilities that had been patched so the
   actor has a secondary path to access.
 * Modification of configurations to move the compromised device into a state
   that lets the actor execute additional exploits.
 * Installation of malicious software into an infrastructure device that
   provides additional capabilities to the actor.
 * The masking of certain configurations so that they can’t be shown by normal
   commands.


RECOMMENDED PRECAUTIONS INCLUDE UPDATING SOFTWARE.

As for what can be done to protect networking infrastructure, the biggest and
perhaps most obvious step is keeping software up-to-date, Cummings said. “If you
fix the vulnerabilities, and you’re running current software, it’s not going to
certainly, completely eliminate your risk. But if I get rid of 10 CVEs, that
dramatically reduces my risk footprint,” Cummings said. 

He recommends increasing visibility into device behavior, “because without
visibility, I can’t necessarily catch the bad guy doing the bad guy things. I
need to be able to see and understand any change or access that happens to that
fully updated device.” Similarly, strictly locking down access to those devices
makes it much harder for attackers to get to them, he said.

The blog also suggests:


 * Select complex passwords and community strings; avoid default credentials.
 * Use multi-factor authentication.
 * Encrypt all monitoring and configuration traffic (SNMPv3, HTTPS, SSH,
   NETCONF, RESTCONF).
 * Lock down and aggressively monitor credential systems.
 * Do not run end-of-life hardware and software.

Michael Cooney is a Senior Editor with Network World who has written about the
IT world for more than 25 years. He can be reached at michael_cooney@idg.com.

Copyright © 2023 IDG Communications, Inc.
