Nearly 200 Cisco routers infected with SYNful Knock
Cisco and ecosystem partner Shadowserver have so far detected 199 routers compromised with the SYNful Knock malware, though Australia has so far escaped infection.
Security intelligence provider Shadowserver revealed on its blog that the two companies have so far identified 199 unique IP addresses matching SYNful Knock behaviour.
SYNful Knock is a router implant designed to replace router firmware with rogue firmware that gives attackers backdoor access to affected devices, even across equipment reboots.
The malware was originally discovered by Mandiant’s FireEye and detected on an initial 14 routers in four countries.
As of an analysis conducted on Sunday, there have now been potential SYNful Knock detections in 31 countries, Shadowserver said. The largest number of compromised routers are in the US (65), followed by India (12) and the Russian Federation (11).
“It is important to stress the severity of this malicious activity. Currently, Shadowserver believes that any machine that responds to this scan is potentially compromised. Compromised routers should be identified and remediated as a top priority,” Shadowserver said in the blog post.
To help avoid infection, Cisco is recommending that enterprises take steps to harden Cisco devices against attacks; implement instrument-based network and device integrity monitoring; and monitor their networks for SYNful Knock activity.