9th April, 2018
1 Min read
Book a Demo
The proof-of-concept exploit code for a vulnerability affecting many Cisco switches has been leveraged by vigilante hackers to mess with networks and data-centers in Russia and Iran.
Reduce your AWS costs by over 50%
Discover your Cloud Saving Potential – Answer just 5 simple questions. AppsFlyer, Playtika, Lufthansa, IBM, top leading companies are already using our FinOps services.
It seems that there’s a bot that is searching for vulnerable Cisco switches via the IoT search engine Shodan and exploiting the vulnerability in them (or, perhaps, it might be using Cisco’s own utility that is designed to search for vulnerable switches). Once it finds a vulnerable switch, it exploits the Smart Install Client, rewrites the config – and thus takes another segment of the Internet down. That results in some data centers being unavailable, and that, in turn, results in some popular sites being down.
The attackers left a contact email address in the message and Motherboard managed to get in touch with them.
Apparently, the idea was to retaliate for “attacks from government-backed hackers on the United States and other countries.”
Read more: HelpNet Security