IOS XE zero-day attacks compromised around 10,000 Cisco devices
By MYBRANDBOOK
Over 10,000 Cisco IOS XE devices have been compromised by attackers who used a key zero-day defect that was just recently made public in order to implant malware. Enterprise switches, aggregation and industrial routers, access points, wireless controllers, and other items are among the equipment running Cisco IOS XE software.
As per threat intelligence company VulnCheck, the maximum severity vulnerability (CVE-2023-20198) has been extensively exploited in attacks targeting Cisco IOS XE systems with the Web User Interface (Web UI) feature enabled, that also have the HTTP or HTTPS Server feature toggled on.
VulnCheck scanned internet-facing Cisco IOS XE web interfaces and discovered thousands of infected hosts. The company has also released a scanner to detect these implants on affected devices.
Cisco cautioned administrators to disable the vulnerable HTTP server feature on all internet-facing systems until a patch becomes available.
Cisco detected the CVE-2023-20198 attacks in late September following reports of unusual behavior on a customer device received by Cisco's Technical Assistance Center (TAC). Evidence of these attacks' dates back to September 18, when the attackers were observed creating local user accounts named "cisco_tac_admin" and "cisco_support."
Moreover, the attackers deployed malicious implants using CVE-2021-1435 exploits and other unknown methods, enabling them to execute arbitrary commands at the system or IOS levels on compromised devices.
"We assess that these clusters of activity were likely carried out by the same actor. Both clusters appeared close together, with the October activity appearing to build off the September activity. The first cluster was possibly the actor's initial attempt and testing their code, while the October activity seems to show the actor expanding their operation to include establishing persistent access via deployment of the implant," Cisco said.
The company also issued a "strong recommendation" for administrators to look for suspicious or recently created user accounts as potential signs of malicious activity linked to this threat.
Singapore to remove One-Time Passwords from Bank Accounts
According to the Monetary Authority of Singapore, clients who utilise secur...
Is 375 million Airtel subscribers database breached?
When a hacker claims to have accessed and put up for sale a customer databa...
The government of India intends to construct a single portal f
A single portal will be launched by the Indian government to list all of it...
OpenAI offers GPT-4o, a faster model available to all users at
GPT-4o, a faster and more sophisticated AI model, is made available to all...
Icons Of India : Dilip Asbe
At present, Dilip Asbe is heading National Payments Corporation of Ind...
ICONS OF INDIA : RAMESH NATRAJAN
Ramesh Natarajan, CEO of Redington Limited, on overcoming ‘technolog...
Icons Of India : Arundhati Bhattacharya
Arundhati Bhattacharya serves as the Chairperson and CEO of Salesforce...
BEL - Bharat Electronics Limited
BEL is an Indian Government-owned aerospace and defence electronics co...
GeM - Government e Marketplace
GeM is to facilitate the procurement of goods and services by various ...
CERT-IN - Indian Computer Emergency Response Team
CERT-In is a national nodal agency for responding to computer security...
Indian Tech Talent Excelling The Tech World - PADMASREE WARRIOR, Founder, President & CEO - Fable
Padmasree Warrior, the Founder, President, and CEO of Fable, is revolu...
Indian Tech Talent Excelling The Tech World - Thomas Kurian, CEO- Google Cloud
Thomas Kurian, the CEO of Google Cloud, has been instrumental in expan...
Indian Tech Talent Excelling The Tech World - JAY CHAUDHRY, CEO – Zscaler
Jay Chaudhry, an Indian-American technology entrepreneur, is the CEO a...