
In a new chapter in the increasingly sophisticated world of cyber technology exploitation, U.S. cybersecurity researchers at FireEye have discovered evidence of a stealthy attack vector against Internet traffic network routers that allows cyber espionage to go undetected.
Use of this data extraction and redirection exploit has been observed internationally against network traffic routing devices owned by a variety of private industries and government agencies across multiple continents.
The attacks have been mainly directed at routers supplied by technology innovator and world-leader Cisco Corporation, but other network device manufacturers may be targeted as well.
With this exploit, attackers use a highly sophisticated form of malicious software, dubbed “SYNful Knock.” The malware gains control of the network appliance by replacing the basic operating system software controlling the router with a malicious version. SYNful Knock presents all the qualities of an advanced persistent threat (APT): it is difficult to detect, and it remains in place even when the device is shut down and restarted.
Hackers have found that network routers are very good targets for attack because the devices usually operate outside the perimeter of the traditional cyber defense tools and technologies (e.g., firewalls, anti-virus, intrusion detection/prevention systems, HBSS, etc.) that organizations use to safeguard data flows. Controlling the router allows sensitive data to be selectively redirected to unintended destinations.
Until now, routers were considered vulnerable predominantly to DDoS attacks. SYNful Knock represents a significant APT escalation in an adversary’s ability to exploit and defeat cyber devices, tools, and technology.
Chief Information Security Officers (CISOs) must be particularly aware that a cyber defense strategy for protecting the organization involves a thought process that goes beyond traditional concepts of network defense-in-depth. Relying solely on in-house data protection capabilities is too tactical an approach to network defense. CISOs must think strategically. Strategies that rely only on tactical defense elements are limited in their ability to defeat a sophisticated adversary who is thinking about data capture beyond an organization’s physical network perimeter.
A CISO’s cybersecurity strategy must incorporate a long-range view of how the organization uses cyberspace. CISOs must ask, “How is my data protected once it leaves my network?”
Measures taken to protect critical enterprise data and sensitive information must extend beyond the physical perimeter of the network and account for the extension of virtual boundaries.