Aussies targeted in router attacks
The Australian Cyber Security Centre (ACSC) has warned of a wave of attacks targeting Australian organisations through exposed internet-accessible routers and switches.
The attacks have targeted a number of Australian organisations with switches with Cisco Smart Install accessible over the internet, as well as routers and switches with the simple network management protocol (SNMP) enabled.
Cybercriminals are extracting configuration files from these routers and switches that may contain sensitive information including device administrative credentials, and could be used to compromise the router or switch and enable them to target other devices on the network.
The ACSC is calling on administrators of devices that can be directly managed from the internet to review logs for any suspicious activity, including SNMP queries from unexpected sources, configuration changes from external sources or configuration of unexpected generic routing encapsulation (GRE) tunnels for Cisco devices.
To mitigate the threat, the ACSC is recommending organisations disable SNMP read/write functionality and Cisco Smart Install if not strictly required and implement access control lists to restrict SNMP access to network management platforms.
The development follows Cisco’s disclosure in February that attackers are targeting organisations with Smart Install enabled. Cisco has replaced Smart Install with a new network plug-and-play feature in newer systems.
Managing third-party cybersecurity risks in the supply chain
Third-party cybersecurity breaches occur when the victim's defences are compromised through a...
Countering MFA fatigue demands a rethink on user authentication
While MFA remains effective, highly motivated threat actors are using tactics that seek to...
Four common zero-trust misconceptions derailing cybersecurity success
John Kindervag, creator of the zero-trust concept, explores the four most common zero-trust...
