CORRECTED-UPDATE 2-Cisco router break-ins bypass cyber defences

Wednesday 16 September 2015 03:49 GYT

(Company corrects the 15th paragraph beginning "The malicious programme..." to clarify that the nickname SYNful refers to the signal routers sent to open up communication with other routers, rather than how the implanted software jumps between routers.)

By Eric Auchard

FRANKFURT, Sept 15 (Reuters) - Security researchers say they have uncovered clandestine attacks across three continents on the routers that direct traffic around the Internet, potentially allowing suspected cyberspies to harvest vast amounts of data while going undetected.

In the attacks, a highly sophisticated form of malicious software, dubbed SYNful Knock, has been implanted in routers made by Cisco, the world's top supplier, U.S. security research firm FireEye said on Tuesday.

Routers are attractive to hackers because they operate outside the perimeter of firewalls, anti-virus, behavioural detection software and other security tools that organisations use to safeguard data traffic. Until now, they were considered vulnerable to sustained denial-of-service attacks using barrages of millions of packets of data, but not outright takeover.

"If you own (seize control of) the router, you own the data of all the companies and government organisations that sit behind that router," FireEye Chief Executive Dave DeWalt told Reuters of his company's discovery.

"This is the ultimate spying tool, the ultimate corporate espionage tool, the ultimate cybercrime tool," DeWalt said.

The attacks have hit multiple industries and government agencies, he said.

Cisco confirmed it had alerted customers to the attacks in August and said they were not due to any vulnerability in its own software. Instead, the attackers stole valid network administration credentials from targeted organisations or managed to gain physical access to the routers.