It seems attackers have devised a way to gain access to business networks by replacing the firmware on at least fourteen reported Cisco business routers. Though only fourteen cases have been discovered so far, the security vendor FireEye is concerned that the problem could be much larger than it currently appears. A backdoored business router was once considered only a theoretical scenario, but it could soon become something companies have to worry about.
The fourteen infected routers discovered recently have had their firmware modified in such a way that the problem is not easily removed. The infection, dubbed SYNful by FireEye, remains in the BIOS even after reboots. If that is not bad enough, the implant is also fully capable of being remotely updated after installation. Perhaps even more concerning than the implant's survivability is how hard it is to detect once it has infected a business router. Because such an infection was once considered purely theoretical, it is not something people tend to look for. That, coupled with the fact that the implant resides in the firmware, gives the attacker the ability to load different modules and executable files onto the router while maintaining unrestricted access to the system through a backdoor password, making this a problem not quite seen before.
One good thing to note, however, is that the original fourteen infected routers were likely compromised because they still had default security credentials. Because this cannot yet be proven, Cisco is looking into other weaknesses that may have led to the routers being compromised. The models known to be affected so far are the now-discontinued Cisco 1841, Cisco 2811 and Cisco 3825 integrated services routers. Though these are the only models found so far, FireEye believes that other models could also be vulnerable to the attack.
Though only Cisco routers have been found infected so far, there is a real possibility that other brands of routers could be compromised with similar tactics. Compromised routers could very well become a new trend in cyber security that companies need to spend more time looking into. As stated before, the problem was once considered theoretical and highly unlikely to happen. It seems that the theoretical threat is now becoming reality.
Do you know how secure your router is?