Businesses are in threat of router attacks: ACSC

Businesses all over the region are warned by the Australian Cyber Security Centre to lock down their network gears. Attackers are seeking to target businesses using Cisco network switches that have a Smart Install feature accessible from the Internet. They can then access admin credentials to the organisation on a successful attack.

Last week the UK’s National Cyber Security Centre issued an advisory stating:

“The configuration files can contain administrative credentials which may then be used to compromise all traffic passing through the router, and allow the actor to target other devices on the network. They have also gained interactive engineer access to some routers,” the NCSC said.

To prevent this from happening ACSC said that network admins should review device logs for activity such as command output obtained by external sources via TFTP, SNMP queries from unexpected sources, or configuration of unexpected GRE tunnels. Businesses should consider disabling Smart Install.