Has your router been hacked?
Dec 21st, 2015 by aperio

The Internet is a gigantic collection of linked networks that span the globe. The networks are connected using routers.

A router is a specialized computer that directs traffic on the Internet. As the Internet consists of hundreds of thousands of smaller networks linked together, the use of routers is absolutely necessary for it to function.

When you want to visit a particular website, you type the address of the site into your web browser. The address goes to the nearest router and the router decides where the required site is on the Internet.

The router also determines the most efficient path through all the networks to reach a particular destination… based on the traffic in different parts of the Internet and the available connections.

Cisco Systems Inc is an American multinational technology company that designs, manufactures, and sells networking equipment including most of the routers used on the internet. In fact, 85 percent of Internet traffic travels through Cisco’s systems.

Hacked routers

Security firm FireEye announced recently that its researchers have discovered malware (dubbed SYNful) on 14 Cisco routers in the Ukraine, the Philippines, Mexico and India.

SYNful replaces the operating system used in Cisco’s network equipment and thus opens a back door that provides a permanent foothold inside a targeted network.

This enables the hackers to harvest vast amounts of data while going undetected by existing cyber security defenses, according to Mandiant, FireEye’s computer forensic arm.

Cisco has confirmed that it has alerted its customers to these hacking attacks and said that it was working with Mandiant to develop ways for customers to detect the attacks.

Indeed Cisco has published intrusion detection signatures that customers can use to look for attacks in progress which, if found, can then be blocked.

If successful attacks are detected, customers will have to re-image the software used to control their routers.

It is highly probable that many other instances of these hacks have not been discovered, according to FireEye. Indeed it is likely that the infected routers are being used to infect other parts of the Internet.

Because the implanted software duplicates the normal functions of routers it could also affect routers from makers other than Cisco.

How bad is the threat?

Routers operate outside the perimeter of firewalls, anti-virus and other security tools used by organizations to safeguard data traffic.

This means that the estimated US$80 billion spent every year on cyber security tools is money down the drain where this form of attack is concerned.

According to Cisco, SYNful does not take advantage of any vulnerability in its own software. Instead it steals valid network administration credentials from the organizations targeted by the hackers so that it can install itself or it can be installed when the hackers gain physical access to Cisco routers.

No matter how it is installed, if a hacker seizes control of a router then he has control over the data of all the companies and government organizations that flow through that router.

According to FireEye, the affected routers have been used to hit multiple industries and government agencies. The company also says that the router logs indicate that the hacks began well over a year ago.

So what does all this imply for the ordinary consumer, who does his or her shopping and banking online?

The answer depends on who the hackers are working for.

The USA’s global spy agency, the NSA (National Security Agency), has a habit of intercepting networking equipment and installing backdoors before the equipment reaches customers.

This came to light in May 2014. In 2015, Cisco began offering to deliver this kind of equipment directly to customers in order to avoid interception by the NSA or other miscreants.

The latest findings from FireEye suggest that the miscreants, whoever they are, are managing to implant malware on routers no matter how they are being delivered.

While it is likely that the NSA or some other state actor is the culprit, this is not at all certain, even though FireEye says that interception could only be done by a handful of sovereign states. In this writer’s view, the miscreants could well be a criminal gang intent on commercial gain.

Perhaps it would be as well to check with your bank to see whether they have any reservations regarding online banking in the light of these revelations.

Business Lessons Learned From The Sony Hack Attack
Jan 5th, 2015 by aperio

The hack attack on Sony has been a business disaster for the movie company.

In addition to leaked emails, revelation of salary data, and unfortunate disclosure of various private opinions regarding movie stars and upcoming films, the company’s stock price fell by double digits.

Sony’s business is of course entertainment and the media has had a field day with all the secret details regarding Hollywood celebrities. The nightly newscasts have played out like a soap opera and the company’s attempts to plug the gaps have been futile at best.

It remains to be seen how all this will play out long-term both internally and externally. Certainly relationships have been stressed to the maximum with corporate executives. Movie makers and “A” list actors may be hesitant to do business with the company.

While many cyber experts, including the FBI, have been quoted as saying this attack was planned and executed at a very high level of sophistication, reports indicate the company was not in full lock-down from a potential breach.

In fact, its PlayStation network suffered an attack in 2011. Personal information on millions of PlayStation gamers was stolen. The network was down for weeks. Many question whether these issues were ever fully addressed.

Admittedly Sony is a worldwide organization and high-level cyber attacks are more likely targeted against larger well-known companies. JP Morgan Chase and eBay were both recent targets.

Still most companies of all sizes can take appropriate steps to ensure the highest levels of security protection are in place.

These include…

1. Investing appropriately in cyber security. Many large corporations don’t allocate the resources for high levels of security. They wait until disaster strikes and then make the appropriate investment in firewalls, anti-viral programs etc. The same holds true for smaller organizations. Unfortunately, smaller companies may not have the luxury of as easy a bounce-back as a multinational giant. Small firms could lose sales, contacts and key data. A small business could be down for days or even weeks. Such a breach for a smaller organization could make the difference between ensuring a year of profitability or falling into the “red”.

2. Preparing for a well-planned response. All businesses should have a back-up system in place. Electronic off-site back-up utilizing the cloud, for example, is a solid way to retain all records and data should records be breached, stolen and/or lost. Proper back-up enables a company to maintain business operations with as little downtime as possible.

3. Creating a crisis communications plan. Chances are your firm will not be the subject of intense media scrutiny should a breach occur and important, private data be made public. Still, in this litigious environment it makes sense to have a plan in place should a crisis occur. This should involve a technology component to discover how the breach occurred and to take the proper IT-related steps to prevent it from happening in the future. It should also involve a media component to properly address inquiries from print and television reporters. The document should be reviewed and updated periodically. Hopefully this plan will not need to be enacted, but it is money well spent should disaster occur.

The hack attack on Sony is a good reminder that an attempted breach can occur to almost any company at any time. Executives should not be hesitant to invest in the highest levels of Internet security no matter the size of the business.

 

Article Source: George Rosenthal
Photo Source: Christopher Skorr