{"id":88976,"date":"2023-04-19T05:51:00","date_gmt":"2023-04-19T05:51:00","guid":{"rendered":"https:\/\/cloudnewshub.com\/?p=88976"},"modified":"2023-04-19T05:51:00","modified_gmt":"2023-04-19T05:51:00","slug":"cisco-urges-users-to-keep-its-network-hardware-up-to-date","status":"publish","type":"post","link":"https:\/\/cloudnewshub.com\/?p=88976","title":{"rendered":"Cisco urges users to keep its network hardware up-to-date"},"content":{"rendered":"<div><img decoding=\"async\" src=\"http:\/\/cloudnewshub.com\/wp-content\/uploads\/2023\/04\/cisco-urges-users-to-keep-its-network-hardware-up-to-date.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<p><a href=\"https:\/\/www.cisco.com\/site\/uk\/en\/index.html\">Cisco<\/a> has warned enterprise users of its routing and switching hardware to be on the alert for exploitation of a six-year-old vulnerability by nation-state threat actors linked to states such as Russia and China, after UK and US cyber agencies made a similar appeal.<\/p>\n<p>Earlier this week, the UK\u2019s National Cyber Security Centre (NCSC) and its American counterpart highlighted a campaign of malicious activity exploiting <a href=\"https:\/\/sec.cloudapps.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-20170629-snmp\">CVE-2017-6742<\/a>, a Simple Network Management Protocol (SNMP) remote code execution (RCE) vulnerability in Cisco IOS and IOS XE software, affecting multiple devices.<\/p>\n<p>This activity, attributed to APT28, a Russian intelligence-backed advanced persistent threat (APT) actor, has seen organisations in Europe and the US, and over 250 Ukrainian victims, attacked with <a href=\"https:\/\/www.ncsc.gov.uk\/section\/keep-up-to-date\/malware-analysis-reports\">Jaguar Tooth<\/a> malware, a non-persistent malware targeting Cisco routers, which collects and steals device information and enables unauthenticated backdoor access.<\/p>\n<p>\u201cThis malicious activity by APT28 presents a serious threat to organisations, and 
the UK and our US partners are committed to raising awareness of the tactics and techniques being deployed,\u201d said NCSC operations director Paul Chichester.<\/p>\n<p>\u201cWe strongly encourage network defenders to ensure the latest security updates are applied to their routers and to follow the other mitigation steps outlined in the advisory to prevent compromise.\u201d<\/p>\n<p>The networking kingpin said it was \u201cdeeply concerned\u201d by the increase in these attacks, which its Talos threat intelligence team has been closely tracking.<\/p>\n<p>Matt Olney, director of Talos threat intelligence and interdiction at Cisco, said that while network infrastructure of all types is bombarded with cyber attacks all the time, because of Cisco\u2019s market dominance its hardware was particularly likely to be targeted, and that in this instance, APT28 has been particularly successful in compromising infrastructure with out-of-date software, as have other state-backed threat actors.<\/p>\n<blockquote class=\"main-article-pullquote\">\n<p><figure> \u201cRegardless of the context, ageing infrastructure is a risk. Relying on out-of-date gear or utilising out-of-date protocols and technologies will eventually cost your organisation\u201d <\/figure><figcaption> <strong>Matt Olney, Talos, Cisco<\/strong> <\/figcaption> <\/p>\n<\/blockquote>\n<p>\u201cIt is reasonable to conclude that any sufficiently capable national intelligence operation would develop and use the capability to compromise the communications infrastructure of their preferred targets,\u201d wrote Olney.<\/p>\n<p>\u201cWe have observed traffic manipulation, traffic copying, hidden configurations, router malware, infrastructure reconnaissance and active weakening of defences by adversaries operating on networking equipment. 
Given the variety of activities we have seen adversaries engage in, they have shown a very high level of comfort and expertise working within the confines of compromised networking equipment.<\/p>\n<p>\u201cOur assessment is clear \u2013 that national intelligence agencies and state-sponsored actors across the globe have attacked network infrastructure as a target of primary preference. Route\/switch devices are stable, infrequently examined from a security perspective, often poorly patched and provide deep network visibility. They are the perfect target for an adversary looking to be both quiet and have access to important intelligence capability as well as a foothold in a preferred network,\u201d he said.<\/p>\n<p>Olney went on to share details of multiple highly sophisticated actor behaviours <a href=\"https:\/\/blog.talosintelligence.com\/state-sponsored-campaigns-target-global-network-infrastructure\/\">Cisco Talos has observed<\/a> across different platforms, many of them at critical infrastructure facilities.<\/p>\n<p>\u201cWe are concerned that insufficient awareness and patching, the reliance on end-of-life equipment and the necessity for always-on connectivity make too many infrastructure devices easy prey. The results of these issues range from being an unwitting participant in criminal activity to events of true national security impact,\u201d he wrote.<\/p>\n<p>Olney acknowledged that there were many operational realities that make it hard to maintain a truly secure network. However, given the risks of compromised networking hardware, he said it was important that these obstacles are removed.<\/p>\n<p>\u201cRegardless of the context, ageing infrastructure is a risk. 
Relying on out-of-date gear or utilising out-of-date protocols and technologies will eventually cost your organisation,\u201d he said.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cisco has warned enterprise users of its routing and switching hardware to be on the alert for exploitation of a six-year-old vulnerability by nation-state threat actors linked to states such as Russia and China, after UK and US cyber agencies made a similar appeal. Earlier this week, the UK\u2019s National Cyber Security Centre (NCSC) and [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":88977,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[533],"tags":[],"class_list":["post-88976","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-it"],"_links":{"self":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts\/88976","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=88976"}],"version-history":[{"count":0,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts\/88976\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/media\/88977"}],"wp:attachment":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=88976"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=88976"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cloudnewshub.c
om\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=88976"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}