Aussie businesses targeted in spate of router attacks

By on
Aussie businesses targeted in spate of router attacks

Disable SNMP read/write and Cisco smart install.

Attackers are targeting Australian organisations with routers and switches exposed to the internet to steal configuration files and infiltrate their networks, the Australian Cyber Security Centre has warned.

The ACSC said it had identified a threat to switches with the Cisco smart install feature turned on, and routers or switches with simple network management protocol (SNMP) enabled and exposed to the internet.

It said attackers were extracting configuration files in order to nab admin credentials and compromise the router or switch, and potentially other devices on the network.

"Access to the device may facilitate malicious cyber adversaries gaining access to the information that flows through the device," the ACSC warned.

Cisco in February revealed attackers were targeting organisations with smart install enabled in order to abuse the protocol, obtain copies of customer configurations, and hopefully replace an IOS image and execute IOS commands.

Smart install is used by admins to give a switch a minimal configuration that is fetched from a central repository, but organisations can become vulnerable when the feature remains turned on after the device is live.

Smart install has been replaced in newer systems by Cisco's network plug and play feature.

The ACSC advised administrators to check their logs for any unusual activity like configurations or command output obtained by external sources via TFTP, SNMP queries from unexpected sources, and configuration of unexpected GRE tunnels.

It suggested organisations disable SNMP read/write unless it is absolutely needed, in which case admins should either ensure SNMP cannot be connected to untrusted sources, or upgrade the service to SNMPv3 and change all community strings.

Access control lists should also be put in place to restrict SNMP access to the network management platform, and anti-spoofing should be configured at the network edge to drop spoofed packets.

Cisco's smart install feature should also be disabled unless it is strictly required, the ACSC said.

It urged any organisations affected by these attacks to report the incident.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
cisco router security snmp

Sponsored Whitepapers

The ultimate guide to customer IAM
The ultimate guide to customer IAM
10 questions to ask before you select a Network Performance Management tool
10 questions to ask before you select a Network Performance Management tool
Innovate faster. Why accelerating change is a CIO's biggest challenge.
Innovate faster. Why accelerating change is a CIO's biggest challenge.
Unlock faster time-to-revenue using Adobe digital document processes
Unlock faster time-to-revenue using Adobe digital document processes
How Security as Code changes development and deployment for the cloud
How Security as Code changes development and deployment for the cloud

Events

Most Read Articles

Aussie Broadband watches its NBN excess bandwidth bill climb

Aussie Broadband watches its NBN excess bandwidth bill climb
Gov pressed to end reliance on IT contractors, fill APS "capability gap"

Gov pressed to end reliance on IT contractors, fill APS "capability gap"
Telstra 'gamifies' cloud cost reduction efforts among internal teams

Telstra 'gamifies' cloud cost reduction efforts among internal teams
Coles keeps a close watch on its Azure cloud costs

Coles keeps a close watch on its Azure cloud costs

Digital Nation

"Kill all you see." The tragic, real world consequences of Facebook’s algorithms
"Kill all you see." The tragic, real world consequences of Facebook’s algorithms
Next generation of Digital Giants growing faster than the originals: Ray Wang
Next generation of Digital Giants growing faster than the originals: Ray Wang
Expect dramatic value chain disruptions every four years: McKinsey Global Institute
Expect dramatic value chain disruptions every four years: McKinsey Global Institute
Q: The trick to effective personalisation? A: Don’t do personalisation
Q: The trick to effective personalisation? A: Don’t do personalisation
COVER STORY: Data centre sustainability scrutiny puts emissions in the spotlight
COVER STORY: Data centre sustainability scrutiny puts emissions in the spotlight

Log In

Email:
Password:
  |  Forgot your password?