Aussie businesses targeted in spate of router attacks

By on
Aussie businesses targeted in spate of router attacks

Disable SNMP read/write and Cisco smart install.

Attackers are targeting Australian organisations with routers and switches exposed to the internet to steal configuration files and infiltrate their networks, the Australian Cyber Security Centre has warned.

The ACSC said it had identified a threat to switches with the Cisco smart install feature turned on, and routers or switches with simple network management protocol (SNMP) enabled and exposed to the internet.

It said attackers were extracting configuration files in order to nab admin credentials and compromise the router or switch, and potentially other devices on the network.

"Access to the device may facilitate malicious cyber adversaries gaining access to the information that flows through the device," the ACSC warned.

Cisco in February revealed attackers were targeting organisations with smart install enabled in order to abuse the protocol, obtain copies of customer configurations, and hopefully replace an IOS image and execute IOS commands.

Smart install is used by admins to give a switch a minimal configuration that is fetched from a central repository, but organisations can become vulnerable when the feature remains turned on after the device is live.

Smart install has been replaced in newer systems by Cisco's network plug and play feature.

The ACSC advised administrators to check their logs for any unusual activity like configurations or command output obtained by external sources via TFTP, SNMP queries from unexpected sources, and configuration of unexpected GRE tunnels.

It suggested organisations disable SNMP read/write unless it is absolutely needed, in which case admins should either ensure SNMP cannot be connected to untrusted sources, or upgrade the service to SNMPv3 and change all community strings.

Access control lists should also be put in place to restrict SNMP access to the network management platform, and anti-spoofing should be configured at the network edge to drop spoofed packets.

Cisco's smart install feature should also be disabled unless it is strictly required, the ACSC said.

It urged any organisations affected by these attacks to report the incident.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
cisco router security snmp

Most Read Articles

Centrelink's new payments engine enters build phase

Centrelink's new payments engine enters build phase
NAB to restructure IT, cut staff

NAB to restructure IT, cut staff
Defence worried its $1.8bn Telstra-built network needs urgent action

Defence worried its $1.8bn Telstra-built network needs urgent action
Coles to permanently axe print catalogues in digital move

Coles to permanently axe print catalogues in digital move
You must be a registered member of iTnews to post a comment.
| Register

Whitepapers from our sponsors

Government Digital Transformation Requires Customer Obsession
Government Digital Transformation Requires Customer Obsession
Master the fundamentals of AWS cost efficiency
Master the fundamentals of AWS cost efficiency
Get IT, finance and business on the same page
Get IT, finance and business on the same page
Why is DevSecOps important to your business?
Why is DevSecOps important to your business?
Architecting Hybrid IT & Edge for Digital Advantage
Architecting Hybrid IT & Edge for Digital Advantage

Events

Log In

Username / Email:
Password:
  |  Forgot your password?