Cisco router break-ins bypass cyber defenses

Status
Not open for further replies.

cruelsister

Level 42
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,151
Security researchers say they have uncovered clandestine attacks across three continents on the routers that direct traffic around the Internet, potentially allowing suspected cyberspies to harvest vast amounts of data while going undetected.

In the attacks, a highly sophisticated form of malicious software, dubbed SYNful Knock, has been implanted in routers made by Cisco, the world's top supplier, U.S. security research firm FireEye said on Tuesday.

Routers are attractive to hackers because they operate outside the perimeter of firewalls, anti-virus, behavioral detection software and other security tools that organizations use to safeguard data traffic. Until now, they were considered vulnerable to sustained denial-of-service attacks using barrages of millions of packets of data, but not outright takeover.
 
Last edited by a moderator:

Cats-4_Owners-2

Level 39
Verified
Honorary Member
Top Poster
Well-known
Dec 4, 2013
2,800
Thanks for this, cruelsister. I immediately checked our router provided by our ISP, AT&T/U-verse. It is a "2Wire" gateway... :confused:
Although I conduct little to no online commerce or banking, it's a relief not to see the name "Cisco" after reading this! :p

Update: Now that I've read the entire article, it seems my "corporate network" (which does not exist) is not subject to any direct threat (that I can imagine), but the very idea of 'theoretical vulnerabilities' can stretch one's imagination to :eek: dark cavernous places! :D
 
Last edited:

Solarquest

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 22, 2014
2,525
Since SOHO routers are far from being "bulletproof", even with updated and well-configured sw/fw, what routers (models) would you suggest to use?
Thank you.
 

cruelsister

Level 42
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,151
This was a targeted attack on the Corporate space and shouldn't be of any concern to the Home user. In all the cases the Blackhats either had to have physical access to the router (paid off someone in the company to install the malware) or took advantage of those facilities that never changed the login credentials (password = Password). Once in, all was there for the taking.

As far as the brand of router, any router in existence can be compromised by this method, which is essentially changing the router's firmware. Some of you folks might even have done something similar yourself if you ever used a "modded" firmware to unlock hidden device functionality (God knows I have). These Cisco routers were chosen in this case because they are widely used.

Moral of the story:

1). Many IT guys once at work are very lazy, and let things slide on a Corporate network that they would never even consider doing on their personal Home systems.
2). Never, ever use default passwords on routers.
 

Solarquest

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 22, 2014
2,525
I have a SOHO router and know it's not safe since this model, like many if not all SOHO routers, was already hacked and is still not patched by the manufacturer.
I asked for a better router, probably not a soho one, that provides better protection and regular updates of firmware.
Which one do you recommend?
 

Cats-4_Owners-2

Level 39
Verified
Honorary Member
Top Poster
Well-known
Dec 4, 2013
2,800
Hello @Solarquest. Although I can't offer an alternative router, you can try the following with what you are now using:
Renaming and Hiding SSID
  • Renaming and hiding your SSID reduces the risk of unauthorized users discovering and connecting to your router.

    On the Wireless menus, look for the Network Name, or SSID text field and enter a custom name that is easy to remember. This option alternatively can be found on the Wireless Security, Primary Network or Setup pages.

    Find the setting marked Wireless SSID Broadcasting or SSID Broadcast and set it to Off or Disabled. The SSID no longer appears in network lists, unless manually entered during connection setup.
Source: How to Password Protect a Wireless Router | eHow
 
  • Like
Reactions: frogboy

Solarquest

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 22, 2014
2,525
Hello Cats-4_Owners-2,
Thank you for your reply.:)
Unfortunately, even with a new password, updated firmware, disabled remote management and a hidden SSID, many routers can get hacked... that's why I'm looking for a better router than SOHO ones. :(
Just a few new examples I just found...

NetUSB flaw leaves 'millions' of routers, IoT devices vulnerable to hacking | ZDNet

At least 700,000 routers that ISPs gave to their customers are vulnerable to hacking

Blackhat hack trick wallops popular routers • The Register

12 million home and business routers vulnerable to critical hijacking hack

An older one... Fifteen zero days found in hacker router comp romp

And
Hackers hijack 300,000-plus wireless routers, make malicious changes
 
Last edited:
  • Like
Reactions: Cats-4_Owners-2

cruelsister

Level 42
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,151
Hi Solar- I personally use a Buffalo Router. In my case it's the WXR-1900DHPD. The only reason I'm using this particular model is that it was forced upon me at a Show (can't understand why I keep getting free stuff). If I had to pay for it myself I probably would go for the 600DHP, which is a nice model and half the price.

Buffalos are reliable, and as they aren't the most popular, the chances that Blackhats would target them are diminished.
 
  • Like
Reactions: Cats-4_Owners-2