Cisco Routers In Four Countries Assaulted By 'SYNful' Backdoor Malware

Where computer security is concerned, it almost seems as though unauthorized access can be gained in an unlimited number of ways. While computer security in the home is obviously very important, having good defenses in the enterprise market is paramount. In some cases, slipping up could result in the loss of millions of dollars, and perhaps a major mess to clean up.

Keeping up on that security is easier said than done, though. As security firm FireEye reports, some layers of security get overlooked far too often, but soon enough they won't be able to be ignored. In particular, routers are often overlooked whenever a security breach occurs, but the reality is that if an attacker successfully gains access to a router in order to flash its firmware or slip in other code somehow, they could use it as a gateway to access other computers on the network, or to monitor the data that runs through it.

Cisco Router And Switches

There have been cases of this happening already. Certain Cisco routers are involved in these particular cases, and FireEye notes that it has discovered issues in four different countries: Ukraine, the Philippines, Mexico, and Canada. It dubs this "router implant" SYNful Knock.

The firm highlights some other important points, one being that most companies that monitor for the kinds of security vulnerabilities often found in the enterprise are largely ignoring routers. Worse still, there could be SYNful Knock implants in other routers anywhere in the world; because of their ability to remain stealthy, it could be some time before we even know.

If you're interested in learning more about the SYNful Knock technique, FireEye has an in-depth report for you to peruse. There's also a webinar to be held this coming Friday for those who want to learn about it that way.


Via: FireEye