This is serious:
Cisco Systems officials are warning customers of a series
of attacks that completely hijack critical networking gear by swapping
out the valid ROMMON firmware image with one that's been maliciously
altered.
The attackers use valid administrator credentials, an indication
the attacks are being carried out either by insiders or people who have
otherwise managed to get hold of the highly sensitive passwords required
to update and make changes to the Cisco hardware. Short for ROM Monitor,
ROMMON is the means for booting Cisco's IOS operating system.
Administrators use it to perform a variety of configuration tasks,
including recovering lost passwords, downloading software, or in some
cases running the router itself.
There's no indication of who is doing these attacks, but it's exactly
the sort of thing you'd expect out of a government attacker. Regardless
of which government initially discovered this, assume that they're all
exploiting it by now -- and will continue to do so until it's fixed.