Recent times have revealed a presence of a malware named as SYNful Knock in the Cisco Routers that are compromised and possess a great security threat. The program is embedded in to router illegally through a device’s firmware which could be of any vendor.
The malware is inserted through changing the router’s firmware image which stays even after they are rebooted. There are four countries that comprises of India, Mexico, Ukraine and the Philippines that has reported 14 instances of malware presence in Cisco routers particularly in Cisco 1841 and cisco 3825 router.
The impact of such backdoor malware is that they can access sensitive data of host that are using Cisco routers and can fetch the sensitive data of that organization.
Such events focus on use of stronger firewalls to save the organization when the threat is possessed by foundational devices.
The implant is activated by modifying the Cisco Inter-network operating system as it allows the attacker to use various modules from internet. This helps in getting access to passwords of various systems. It works on http as https is safe. The controller of the entire program allows the TCP packets to have a non –standard sequence with a corresponding numbers.
The modules have the similar functionality as to the backdoor password as the modules are masked as independent executable code or hooks within the router’s IOS. The backdoor password provides entrance to console and Telnet.
The Hacker News also disclosed the Vulnerabilities in Belkin routers which can further lead to escalation and cyberattacks for the attacks like Man in the middle attack. Such examples make a mark when routers are compromised on large levels.
There is one document present on internet that can help people about stating how cisco is compromised and side by side how to shield from such malware can be learned from it.
Posted By: Hacker News | Posted in: News | Time Posted: September 20, 2015 at 7:34 am
Source: CISCO routers infected with backdoor malware called SYNful
Linux Security Blog 