Nearly 200 Cisco routers infected with SYNful Knock
Cisco and ecosystem partner Shadowserver have detected nearly 199 routers compromised with the SYNful Knock malware, but Australia has so far escaped infection.
Security intelligence provider Shadowserver revealed on its blog that the two companies have so far identified 199 unique IP addresses matching SYNful Knock behaviour.
SYNful Knock is a router implant designed to replace router firmware with rogue firmware that gives attackers backdoor access to affected devices, even across equipment reboots.
The malware was originally discovered by Mandiant’s FireEye and detected on an initial 14 routers in four countries.
As of an analysis conducted on Sunday, there have now been potential SYNful Knock detections in 31 countries, Shadowserver said. The largest number of compromised routers are in the US (65), followed by India (12) and the Russian Federation (11).
“It is important to stress the severity of this malicious activity. Currently, Shadowserver believes that any machine that responds to this scan is potentially compromised. Compromised routers should be identified and remediated as a top priority,” Shadowserver said in the blog post.
To help avoid infection, Cisco is recommending that enterprises take steps to harden Cisco devices against attacks; implement instrument-based network and device integrity monitoring; and monitor their networks for SYNful Knock activity.