We’ve got some good and bad news about Cisco today. First, Cisco is hosting a virtual tech talk with renowned financial services company Credit Suisse. Second, a warning has been issued about Russian state-sponsored hackers using custom malware on Cisco’s routers.
Tech talk with Credit Suisse
Earlier this week, Cisco Systems announced that the company, together with financial services company Credit Suisse, is hosting a webcast featuring Jeetu Patel, Executive Vice President and General Manager of Cisco’s Security and Collaboration businesses.
According to the official news release on Cisco’s website, this tech talk via a webcast will discuss the digital communications technology conglomerate’s security strategy and its products’ distinctive features and capabilities.
The event will be held this April 25th at 1 p.m. Eastern Time. It will be moderated by Credit Suisse’s Managing Director, Sami Badri.
It will be via webcast, and viewers can watch a replay to be broadcast shortly after the event. Interested parties can learn more about it on Cisco’s Investor Relations website.
Warning vs. Russian state-sponsored hackers using Cisco’s routers
Various media organizations have recently reported that the United States, the United Kingdom, and Cisco have issued a warning about Russian state-sponsored hackers deploying custom malware on Cisco’s routers, giving these hackers unauthorized access.
The hackers are called APT28, also known by the names STRONTIUM, Fancy Bear, Sofacy, and Sednit. This hacking group is said to be linked to the General Staff Main Intelligence Directorate of Russia.
APT28 has also been associated with various attacks on U.S. and European interests, as it conducts cyber espionage, among other illicit activities.
The United States Cybersecurity and Infrastructure Security Agency, the United Kingdom National Cyber Security Centre, the National Security Agency, and the Federal Bureau of Investigation yesterday released a joint report detailing how the hackers have been exploiting an old SNMP flaw on Cisco IOS routers to deploy custom malware known as “Jaguar Tooth.”
“Jaguar Tooth modifies the system’s authentication process, allowing unauthenticated access to any local account for any provided password via Telnet and physical sessions. This is achieved by patching askpassword and ask_md5secret to always return true without checking the provided password,” the malware’s description provided by the United Kingdom’s National Cyber Security Centre indicated. “It enables unauthenticated backdoor access by patching Cisco IOS authentication routines. This grants access to existing local accounts without checking the provided password, when connecting via Telnet or physical session.”
Cisco admins have been advised to upgrade their routers to the latest firmware to mitigate and counter these attacks.
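Alongside the firmware upgrade, admins can review router configurations for the two services named in the report: SNMP, which was the entry point, and Telnet, which the backdoor relies on for remote access. The following is an added example, not code from Cisco or the joint report; the sample configuration, hostname, community strings, ACL number and severity labels are all constructed for illustration.

```python
import re

# Constructed sample of a Cisco IOS running-config (not taken from any real device).
SAMPLE_CONFIG = """\
hostname edge-rtr-01
snmp-server community public RO
snmp-server community n0c-write RW 10
access-list 10 permit 192.0.2.10
line con 0
 login local
line vty 0 4
 login local
 transport input telnet ssh
line vty 5 15
 transport input ssh
"""

SNMP_RE = re.compile(r"^snmp-server community (\S+)(?: view \S+)?(?: (RO|RW))?(?: (\S+))?\s*$", re.I)

def audit_ios_config(text):
    """Return (severity, message) findings for SNMP and Telnet exposure."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.startswith(" "):          # a top-level command ends any "line" block
            section = line if line.startswith("line vty") else None
            m = SNMP_RE.match(line)
            if m:
                mode, acl = (m.group(2) or "RO").upper(), m.group(3)
                # Community strings are secrets: report only access mode and ACL.
                if acl is None:
                    findings.append(("high", f"SNMP {mode} community has no ACL"))
                elif mode == "RW":
                    findings.append(("medium", f"SNMP RW community enabled (ACL {acl})"))
        elif section:
            words = line.split()
            if words[:2] == ["transport", "input"] and {"telnet", "all"} & set(words[2:]):
                findings.append(("high", f"{section}: Telnet accepted"))
    return findings

if __name__ == "__main__":
    for sev, msg in audit_ios_config(SAMPLE_CONFIG):
        print(f"[{sev}] {msg}")
```

A vty block with no explicit `transport input` line is not flagged here, because the default depends on the IOS release and should be checked on the device.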