Router and Infrastructure Security


Cisco was the victim of a router and infrastructure attack in which a router “implant,” dubbed SYNful Knock, was reportedly found in 14 routers in four different countries. SYNful Knock is a type of persistent malware that allows an attacker to gain control of an affected device and compromise its integrity with a modified Cisco IOS software image. Mandiant describes it as having different modules that are enabled via the HTTP protocol and triggered by crafted TCP packets sent to the device.

What you need to know: Router implants have been rare and are largely believed to be theoretical in nature and use. However, recent vendor advisories indicate that they have been seen in the wild. The initial infection vector does not appear to leverage a zero-day vulnerability. It is believed that the attacker installs the backdoor using credentials that are either default or discovered. The router’s position in the network nonetheless makes it an ideal target for reentry or further infection.
