[German]The vendor of switches and other network components warns its customers against attacks by government hackers on critical infrastructure. Vulnerabilities in Cisco products can be a gateway for such attacks.
Advertising
Yesterday I reported in the article Critical vulnerability in Cisco switches about a security hole in Cisco products. The company has provided updates to close the vulnerabilities. Cisco prompts Smart Install client users to patch and securely configure the software.
Security researchers from Cisco's Talos Intelligence Group reports that attackers exploit vulnerabilities in Cisco's Smart Install Client to gain access to providers of critical infrastructure.
The security researchers state that the attacks are carried out by national hackers. They refer to the latest US CERT warnings. This addresses suspected attacks by the Russian government on U.S. agencies and organizations in the fields of energy, nuclear power, commercial facilities, water, aviation and critical production areas in detail. Symantec calls this hacker group Dragonfly.
Security researchers from the security company Embedi found out that millions of Cisco network devices are vulnerable to an open TCP 4786 port. Cisco itself has also noticed a huge increase in traffic to the TCP 4786 port, which began in November 2017 and peaked in April 2018.
(Traffic on CISCO Smart Install Clients, Source: Bleeping Computer)
Advertising
The security warning concerns a Cisco Security Advisory issued in February 2017. Following the publication of the Advisory, an increase in Internet scans for Smart Install instances was observed. The aim is probably CISCO devices that have been set up without adequate security controls. Further details can be at ZDNet.com or at Bleeping Computer.
