Nasty Cisco Attack
This is serious:
Cisco Systems officials are warning customers of a series of attacks that completely hijack critical networking gear by swapping out the valid ROMMON firmware image with one that's been maliciously altered.
The attackers use valid administrator credentials, an indication the attacks are being carried out either by insiders or people who have otherwise managed to get hold of the highly sensitive passwords required to update and make changes to the Cisco hardware. Short for ROM Monitor, ROMMON is the means for booting Cisco's IOS operating system. Administrators use it to perform a variety of configuration tasks, including recovering lost passwords, downloading software, or in some cases running the router itself.
There's no indication of who is doing these attacks, but it's exactly the sort of thing you'd expect out of a government attacker. Regardless of which government initially discovered this, assume that they're all exploiting it by now -- and will continue to do so until it's fixed.
Posted on August 19, 2015 at 12:34 PM • 30 Comments