Cisco Router Attacks: How to Minimize the Impact of Cyber Crime

Written by Lakshmi Nair

The Cisco router attacks which transpired last week gained worldwide attention as the event spread across 200 routers and 31 countries, including the US, India, Ukraine, Russia and the Philippines. Several industries and governmental agencies have also been hit by the attack.

Network infrastructure is the backbone of an organization’s functionality and has long been targeted by attackers. By compromising an infrastructure device, such as a router, the attacker gains access to all data passing through the network traffic, which can then be inspected and analyzed. Furthermore, once the router is hacked, it can be used to infect other sensitive hardware inside the same network. To add to the unnerving nature of this type of attack, since a router is located outside of a company’s network, security tools such as firewalls and antivirus software do not detect the malicious activity.

In the case of Cisco routers, malicious software known as SYNful Knock was implanted by the attackers on these routers, giving them complete control over the network and the ability to harvest and manipulate vast amounts of data that passed through it. Cisco stated that the hackers gained access to these routers not by exploiting any weaknesses in the devices themselves, but rather by obtaining valid network administration credentials.

What impact do cyber crimes such as router attacks have on a business?

The impact of such an attack is severe. Because these types of attacks grant full access to all communications and data about an organization and they can go undetected for quite some time, they can be considered very effective spying tool. Once detected, removing the infection involves re-imaging the basic software used to run the routers. This can be time consuming, but can be performed by network technicians.

There are several proactive measures that can be taken to increase network security.

Start with the basics.

Standard device hardening steps such as changing default configuration, periodic password resets and enabling encryptions should be the first step to making a stronger, more resilient network infrastructure. Performing updates at regular intervals and including a network monitoring or anomaly detection system could prove to be very effective. Though some of these measures can be a bit complicated, they are an effective means to prevent many types of cyber attacks.

Monitor for suspicious activity.

An efficient risk management plan can be applied for all the devices in the network that provide analysis and protection in the event of an attack. For example, suppliers can install software products like patch devices that have the capability to monitor and send an alarm when suspicious activity is detected.

Educate your workforce.

Be proactive about establishing safe internet usage practices amongst your employees. Educate employees about best practices and equip them to be able to recognize any apprehensive behavior in their network or systems. Early detection is key to address the suspicious behavior and avoid adverse repercussions.

With the persistent rise in cyber crime, cyber security is a rising priority for many organizations. Although cyber attacks cannot be predicted, a successful organization will have the right security measures in place and intermittently test the resilience of its systems. The key is to have a comprehensive risk and mitigation program, which if rightly implemented, will help monitor, detect and address this type of attack.