SlideShare a Scribd company logo

LiPari_Assignment8

Download as DOCX, PDF
P
Phillip LiPari

Malware called SYNful Knock has been hijacking internet routers by exploiting default login credentials, allowing threat actors to integrate their own operating system on the routers. Over 200 routers across 31 countries have been infected so far. With access to the routers, threat actors can view all network traffic and use the routers to launch further cyber attacks. Countermeasures have been ineffective due to the new and complex nature of these router hijacking attacks.

1 of 2
Download to read offline
1
2
Phillip LiPari, Writing for Intelligence 23 September 2015 Routers Hijackings pose new Threatto Cybersecurity Executive Summary: Malware that hijacks and replaces the integrated operating system (IOS) of internet routers is likely to become a more commonplace tactic among threat actors. By hijacking routers, threat actors create a beachhead for further cyber-attacks and can view all data accessed via the internet. Countermeasures for these attacks are currently ineffective due to their unique and unprecedented nature. Discussion: SYNful Knock is the name given to the malware used in router hijacking attacks through default login codes. Default login codes are the maintenance usernames and passwords to routers. These logins have long been areas of concern for cybersecurity professionals but went unexploited prior to SYNful.1 Rewriting a router`s IOS allows SYNful to become integrated within the infected router. The SYNful software updates itself regularly once inside the router to ensure an appearance of normal operations.2 These factors allow SYNful to remain undetected for undetermined periods of time. Router based cyber-attacks were only theorized prior to the SYNful attacks on Cisco brand routers revealed on 15 September 2015. The initial estimate of routers compromised was 14 routers in four countries but it has since risen to over 200 routers in 31 countries. As many as 60 of these routers are located in the US and so far they have only been found in networks used by private companies.3 “This attack vector is very much a reality and will most likely grow in popularity and prevalence” stated David Dewalt, CEO of the cybersecurity firm FireEye. 4 Dewalt also stated that Cisco brand routers were not the only brand susceptible to these attacks. Due to the complexity and scope of the attacks, Dewalt claims a state actor is likely responsible. 5 Thus far there have been no accusations toward any specific state or group. Infected routers send data to the threat actors controlling them as well as the intended destination via the internet. In addition to compromising massive amounts of data, infected routers serve as a beachhead for further attacks on a network.6 Reformatting infected routers is Basic diagram of a router connected to the internet, SYNful would have access to anything connected to the router (in this case the two computers)
the only way to eliminate SYNful due to the IOS integration. FireEye recommends a thorough examination of networks compromised by infected routers.7 Cisco stated that routers are both valuable to threat actors as well as key points of defense within a network. Since SYNful and router attacks in general are still vague and difficult to prevent, they will remain an effective attack method.8 Considering the lack of a defensive strategy, Cisco`s security division is currently developing methods to detect and repel router attacks.9 Source Reliability: Moderate With questions or concerns, please contact the author: Email: plipar35@lakers.mercyhurst.edu Phone: (585) 752-9449 Peer reviewed by: Austin Wood Graphic source: http://www.microsoft.com/library/media/1033/windowsxp/images/using/networking/setup/68573- router-diagram.gif Endnotes 1 http://news.softpedia.com/news/some-wifi-routers-can-be-hacked-using-a-hard-coded-default-login- 490207.shtml (L) 2 http://searchsecurity.techtarget.com/news/4500253817/Cisco-router-malware-in-the-wild-more-widespread- than-first-believed (H) 3 http://fcw.com/articles/2015/09/15/cisco-router.aspx (M) 4 http://www.networkworld.com/article/2984124/security/attackers-can-take-over-cisco-routers-other-routers- at-risk-too.html (M) 5 http://www.fierceenterprisecommunications.com/story/even-more-cisco-devices-found-be-infected-synful- knock/2015-09-21 (M) 6 http://www.crn.com/news/networking/300078193/hundreds-of-cisco-routers-infected-with-synful-knock- partners-say-attack-changing-sales-strategy.htm (M) 7 http://www.infosecurity-magazine.com/news/cisco-synful-knock-threat-victims/ (M) 8 http://www.ibtimes.com/router-hack-creates-ultimate-listening-device-monitor-countrys-entire-internet- 2097511 (M) 9 http://www.eweek.com/security/synful-knock-malware-found-on-almost-200-cisco-routers.html (M)

More Related Content

PPTX
IoT Cyber+Physical+Social Engineering Attack Security (v0.1.6 / sep2020)
mike parks
 
PPTX
Seminar (network security)
Gaurav Dalvi
 
PPTX
Presentation on Cyber Security
Anand Kater
 
PDF
Internet Security
Peter R. Egli
 
DOCX
CLASS VII COMPUTER SECURITY
Rc Os
 
PPTX
Wireless security report
Marynol Cahinde
 
PPT
voice
chaitu64
 
DOCX
Network security
Madhumithah Ilango
 
IoT Cyber+Physical+Social Engineering Attack Security (v0.1.6 / sep2020)
mike parks
 
Seminar (network security)
Gaurav Dalvi
 
Presentation on Cyber Security
Anand Kater
 
Internet Security
Peter R. Egli
 
CLASS VII COMPUTER SECURITY
Rc Os
 
Wireless security report
Marynol Cahinde
 
voice
chaitu64
 
Network security
Madhumithah Ilango
 

What's hot (20)

PPTX
What is network security and Types
Vikram Khanna
 
PDF
Network Security Research Paper
Pankaj Jha
 
PPTX
Top 5 wi fi security threats
gruzabb
 
PPTX
Network Security
Manoj Singh
 
PPTX
Network security
Nkosinathi Lungu
 
PPTX
IOT privacy and Security
noornabi16
 
PPTX
Network security (vulnerabilities, threats, and attacks)
Fabiha Shahzad
 
PDF
Cyber Attack Analysis
codefortomorrow
 
PPT
Tutorial 9 - Security on the Internet
dpd
 
PPTX
Types of cyber attacks
krishh sivakrishna
 
PDF
Anatomy of a cyber attack
Mark Silver
 
PDF
IMPLEMENTATION OF A SECURITY PROTOCOL FOR BLUETOOTH AND WI-FI
IJNSA Journal
 
PDF
IoT Device Security Tips
Centextech
 
PPTX
Trusted Wireless Environment (TWE)
Ryan Orsi
 
PDF
IoT security-arrow-roadshow #iotconfua
Andy Shutka
 
PPTX
Presentation network security
cegonsoft1999
 
PDF
SS7 Vulnerabilities
PositiveTechnologies
 
PPTX
Network security
Madhumithah Ilango
 
PDF
A Guide to 802.11 WiFi Security by US-CERT
David Sweigert
 
PDF
Is Security Optional20100608
aljapaco
 
What is network security and Types
Vikram Khanna
 
Network Security Research Paper
Pankaj Jha
 
Top 5 wi fi security threats
gruzabb
 
Network Security
Manoj Singh
 
Network security
Nkosinathi Lungu
 
IOT privacy and Security
noornabi16
 
Network security (vulnerabilities, threats, and attacks)
Fabiha Shahzad
 
Cyber Attack Analysis
codefortomorrow
 
Tutorial 9 - Security on the Internet
dpd
 
Types of cyber attacks
krishh sivakrishna
 
Anatomy of a cyber attack
Mark Silver
 
IMPLEMENTATION OF A SECURITY PROTOCOL FOR BLUETOOTH AND WI-FI
IJNSA Journal
 
IoT Device Security Tips
Centextech
 
Trusted Wireless Environment (TWE)
Ryan Orsi
 
IoT security-arrow-roadshow #iotconfua
Andy Shutka
 
Presentation network security
cegonsoft1999
 
SS7 Vulnerabilities
PositiveTechnologies
 
Network security
Madhumithah Ilango
 
A Guide to 802.11 WiFi Security by US-CERT
David Sweigert
 
Is Security Optional20100608
aljapaco
 
Ad

Viewers also liked (13)

PDF
Davis Vision Decison
Cristian Carrillo
 
PDF
Angola ulke raporu_2013
UlkeRaporlari2013
 
PPT
Untitled Powtoon 56
ttest9569
 
PDF
ID Card
Hemanta Senapati
 
PDF
Iscon Platinum Details
REMAXRealtySolutions1
 
PDF
Venda de roses
Lamitjana5 Lamitjana
 
PPT
Untitled Powtoon 47
ttest9569
 
DOCX
Financial management
Nalitye Nghitewapo
 
PDF
Hindistan ulke raporu_2013
UlkeRaporlari2013
 
PDF
Nijer ulke raporu_2013
UlkeRaporlari2013
 
PDF
Nikaragua ulke raporu_2013
UlkeRaporlari2013
 
PDF
(343)long populismo, neoliberalismo y neonacionalism odocx
ManfredNolte
 
PDF
(350)pdf long los regalos de los magos
ManfredNolte
 
Davis Vision Decison
Cristian Carrillo
 
Angola ulke raporu_2013
UlkeRaporlari2013
 
Untitled Powtoon 56
ttest9569
 
ID Card
Hemanta Senapati
 
Iscon Platinum Details
REMAXRealtySolutions1
 
Venda de roses
Lamitjana5 Lamitjana
 
Untitled Powtoon 47
ttest9569
 
Financial management
Nalitye Nghitewapo
 
Hindistan ulke raporu_2013
UlkeRaporlari2013
 
Nijer ulke raporu_2013
UlkeRaporlari2013
 
Nikaragua ulke raporu_2013
UlkeRaporlari2013
 
(343)long populismo, neoliberalismo y neonacionalism odocx
ManfredNolte
 
(350)pdf long los regalos de los magos
ManfredNolte
 
Ad

Similar to LiPari_Assignment8 (20)

PDF
Recognizing security threats
Kishore Kumar
 
PDF
File000141
Desmond Devendran
 
PDF
Cisco Connect Halifax 2018 Anatomy of attack
Cisco Canada
 
PDF
Cisco connect winnipeg 2018 anatomy of an attack
Cisco Canada
 
PDF
The Network as a Sensor, Cisco and Lancope
Cisco Enterprise Networks
 
PDF
Anatomy of an Attack
Cisco Canada
 
PDF
Anatomy Of An Attack
Cisco Canada
 
PDF
Cisco Security Architecture
Cisco Canada
 
PDF
Cisco Connect Toronto 2017 - Anatomy-of-attack
Cisco Canada
 
PDF
Cisco 2014 Midyear Security Report
Cisco Security
 
PDF
Cisco Connect Vancouver 2017 - Anatomy of Attack
Cisco Canada
 
PDF
Using Your Network as a Sensor for Enhanced Visibility and Security
Lancope, Inc.
 
PDF
All about routers
agwanna
 
PDF
Ch 13: Network Protection Systems
Sam Bowne
 
PDF
Ddos attack definitivo
lilith333
 
PDF
2021 01-13 reducing risk-of_ransomware
AlgoSec
 
PPTX
Network Security.pptx
John572978
 
PPTX
Two for Attack: Web and Email Content Protection
Cisco Canada
 
PPTX
640-554 IT Certification and Career Paths
hibaehed
 
PPT
Ccna+sec+ch01+ +overview+security
mysoria
 
Recognizing security threats
Kishore Kumar
 
File000141
Desmond Devendran
 
Cisco Connect Halifax 2018 Anatomy of attack
Cisco Canada
 
Cisco connect winnipeg 2018 anatomy of an attack
Cisco Canada
 
The Network as a Sensor, Cisco and Lancope
Cisco Enterprise Networks
 
Anatomy of an Attack
Cisco Canada
 
Anatomy Of An Attack
Cisco Canada
 
Cisco Security Architecture
Cisco Canada
 
Cisco Connect Toronto 2017 - Anatomy-of-attack
Cisco Canada
 
Cisco 2014 Midyear Security Report
Cisco Security
 
Cisco Connect Vancouver 2017 - Anatomy of Attack
Cisco Canada
 
Using Your Network as a Sensor for Enhanced Visibility and Security
Lancope, Inc.
 
All about routers
agwanna
 
Ch 13: Network Protection Systems
Sam Bowne
 
Ddos attack definitivo
lilith333
 
2021 01-13 reducing risk-of_ransomware
AlgoSec
 
Network Security.pptx
John572978
 
Two for Attack: Web and Email Content Protection
Cisco Canada
 
640-554 IT Certification and Career Paths
hibaehed
 
Ccna+sec+ch01+ +overview+security
mysoria
 

LiPari_Assignment8

  • 1. Phillip LiPari, Writing for Intelligence 23 September 2015 Routers Hijackings pose new Threatto Cybersecurity Executive Summary: Malware that hijacks and replaces the integrated operating system (IOS) of internet routers is likely to become a more commonplace tactic among threat actors. By hijacking routers, threat actors create a beachhead for further cyber-attacks and can view all data accessed via the internet. Countermeasures for these attacks are currently ineffective due to their unique and unprecedented nature. Discussion: SYNful Knock is the name given to the malware used in router hijacking attacks through default login codes. Default login codes are the maintenance usernames and passwords to routers. These logins have long been areas of concern for cybersecurity professionals but went unexploited prior to SYNful.1 Rewriting a router`s IOS allows SYNful to become integrated within the infected router. The SYNful software updates itself regularly once inside the router to ensure an appearance of normal operations.2 These factors allow SYNful to remain undetected for undetermined periods of time. Router based cyber-attacks were only theorized prior to the SYNful attacks on Cisco brand routers revealed on 15 September 2015. The initial estimate of routers compromised was 14 routers in four countries but it has since risen to over 200 routers in 31 countries. As many as 60 of these routers are located in the US and so far they have only been found in networks used by private companies.3 “This attack vector is very much a reality and will most likely grow in popularity and prevalence” stated David Dewalt, CEO of the cybersecurity firm FireEye. 4 Dewalt also stated that Cisco brand routers were not the only brand susceptible to these attacks. Due to the complexity and scope of the attacks, Dewalt claims a state actor is likely responsible. 5 Thus far there have been no accusations toward any specific state or group. Infected routers send data to the threat actors controlling them as well as the intended destination via the internet. In addition to compromising massive amounts of data, infected routers serve as a beachhead for further attacks on a network.6 Reformatting infected routers is Basic diagram of a router connected to the internet, SYNful would have access to anything connected to the router (in this case the two computers)
  • 2. the only way to eliminate SYNful due to the IOS integration. FireEye recommends a thorough examination of networks compromised by infected routers.7 Cisco stated that routers are both valuable to threat actors as well as key points of defense within a network. Since SYNful and router attacks in general are still vague and difficult to prevent, they will remain an effective attack method.8 Considering the lack of a defensive strategy, Cisco`s security division is currently developing methods to detect and repel router attacks.9 Source Reliability: Moderate With questions or concerns, please contact the author: Email: plipar35@lakers.mercyhurst.edu Phone: (585) 752-9449 Peer reviewed by: Austin Wood Graphic source: http://www.microsoft.com/library/media/1033/windowsxp/images/using/networking/setup/68573- router-diagram.gif Endnotes 1 http://news.softpedia.com/news/some-wifi-routers-can-be-hacked-using-a-hard-coded-default-login- 490207.shtml (L) 2 http://searchsecurity.techtarget.com/news/4500253817/Cisco-router-malware-in-the-wild-more-widespread- than-first-believed (H) 3 http://fcw.com/articles/2015/09/15/cisco-router.aspx (M) 4 http://www.networkworld.com/article/2984124/security/attackers-can-take-over-cisco-routers-other-routers- at-risk-too.html (M) 5 http://www.fierceenterprisecommunications.com/story/even-more-cisco-devices-found-be-infected-synful- knock/2015-09-21 (M) 6 http://www.crn.com/news/networking/300078193/hundreds-of-cisco-routers-infected-with-synful-knock- partners-say-attack-changing-sales-strategy.htm (M) 7 http://www.infosecurity-magazine.com/news/cisco-synful-knock-threat-victims/ (M) 8 http://www.ibtimes.com/router-hack-creates-ultimate-listening-device-monitor-countrys-entire-internet- 2097511 (M) 9 http://www.eweek.com/security/synful-knock-malware-found-on-almost-200-cisco-routers.html (M)