Cisco routers seized by hackers in four countries


Hackers have found a way to siphon data by taking control of routers, which operate outside of firewalls and other security protections to link computer networks to the Internet, researchers say.

So far, security experts have identified 14 hacked routers in India, Mexico, the Philippines and Ukraine, cybersecurity firm FireEye said in a blog post.

The attackers targeted devices made by Cisco, the world’s largest manufacturer of routers, but FireEye says the attack would be possible on any router technology.

By replacing a device’s operating system, hackers gain control over all of the data that sits behind that router, and often the networks of multiple companies and organizations. Attackers can also use the router as an entry point to launch additional attacks against the rest of the infrastructure.

“A router implanted with a backdoor provides attackers a very easy entry point to establish a foothold and compromise other hosts and critical data,” FireEye said.

The malicious implants are very difficult to detect, researchers say. Despite their critical role in data flow, routers often get overlooked in security evaluations. FireEye notes that “very few, if any” are monitoring the devices for compromise, making it easy for breaches to slip by unnoticed.

The hackers also did not have to exploit any vulnerability in Cisco’s operating system to gain entry, the company told Reuters. Instead, the attackers stole valid login credentials or gained physical access to the routers.

The firm suggests that this round of attacks is likely just “the tip of the iceberg” when it comes to exploiting routers.

“As attackers focus their efforts on gaining persistent access, it is likely that other undetected variants of this implant are being deployed throughout the globe,” FireEye said.

Computer logs suggest that the attack had been going on for at least a year and has impacted multiple industries and government agencies, FireEye Chief Executive Officer David DeWalt told Reuters.