{"id":51516,"date":"2023-04-18T23:26:00","date_gmt":"2023-04-18T23:26:00","guid":{"rendered":"https:\/\/www.networkworld.com\/article\/3693753\/cisco-warns-of-attacks-on-network-routers-firewalls.html#tk.rss_security"},"modified":"2023-04-18T23:26:00","modified_gmt":"2023-04-18T23:26:00","slug":"cisco-warns-of-attacks-on-network-routers-firewalls","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/cisco-warns-of-attacks-on-network-routers-firewalls\/","title":{"rendered":"Cisco warns of attacks on network routers, firewalls"},"content":{"rendered":"
<\/div>\n

Cisco\u2019s Talos security intelligence group issued a warning today about an uptick in highly sophisticated attacks on network infrastructure including routers and firewalls.<\/p>\n

The Cisco warning piggybacks a similar joint warning issued today from The UK National Cyber Security Centre<\/a> (NCSC), the US National Security Agency (NSA), US Cybersecurity and Infrastructure Security Agency (CISA) and US Federal Bureau of Investigation (FBI) that noted an uptick in threats in part utilizing an exploit that first came to light in 2017.  That exploit targeted an SNMP vulnerability in Cisco routers that the vendor patched in 2017<\/a>. <\/p>\n

But as Cisco and the government agencies noted, similar exploits are being aimed at a broad set of multivendor networking gear, potentially including Juniper, Extreme, Allied-Telesis, HP and others.<\/p>\n

\u201cThe warning involves not just Cisco equipment, but any networking equipment that sits at the perimeter or that might have access to traffic that a significantly capable and well-tooled adversary might have an interest in intercepting and modifying,\u201d said JJ Cummings, Cisco Talos Threat Intelligence & Interdiction team lead. Cummings leads the Talos team tasked with nation-state, critical infrastructure, law enforcement, and intelligence-based concerns.<\/p>\n

In a blog<\/a> noting the increase in threats, Cisco Talos wrote: \u201cWe have observed traffic manipulation, traffic copying, hidden configurations, router malware, infrastructure reconnaissance, and active weakening of defenses by adversaries operating on networking equipment. Given the variety of activities we have seen adversaries engage in, they have shown a very high level of comfort and expertise working within the confines of compromised networking equipment.\u201d<\/p>\n

National intelligence agencies and state-sponsored actors across the globe have attacked network infrastructure as a primary target, Cisco stated. \u201cRoute\/switch devices are stable, infrequently examined from a security perspective, are often poorly patched and provide deep network visibility.\u201d<\/p>\n