Not a day goes by without a new hack making headlines, and this time the networking and communications manufacturer Cisco has become the target. Attackers have begun targeting critical networking gear from the company, which allows them to install malware and steal passwords to alter Cisco hardware.
“The attackers use valid administrator credentials, an indication the attacks are being carried out either by insiders or people who have otherwise managed to get hold of the highly sensitive passwords required to update and make changes to the Cisco hardware,” reported Ars Technica.
“Short for ROM Monitor, ROMMON is the means for booting Cisco’s IOS operating system. Administrators use it to perform a variety of configuration tasks, including recovering lost passwords, downloading software, or in some cases running the router itself.”
So far, IOS devices are the only ones reported as being exploited by attackers who seek to gain complete control over them. The ROMMON works as a remote gateway into the device, and once the malicious software is involved, users should be able to see their devices take on their own form; however, attackers seem to be focused on taking control of their own networking gear.
“No product vulnerability is leveraged in this attack, and the attacker requires valid administrative credentials or physical access to the system to be successful,” according to the company.
“The ability to install an upgraded ROMMON image on IOS devices is a standard, documented feature that administrators use to manage their networks. No CVE ID will be assigned. The significance of the advisory isn’t that the initial firmware can be replaced. As indicated, that’s a standard feature not only with Cisco gear but just about any computing device.”
No light has yet been shed on how the attackers obtain the highly sensitive credentials.