IOS XE zero-day attacks compromised around 10,000 Cisco devices
By MYBRANDBOOK
Over 10,000 Cisco IOS XE devices have been compromised by attackers exploiting a recently disclosed zero-day vulnerability to install a malicious implant. Equipment running Cisco IOS XE software includes enterprise switches, aggregation and industrial routers, access points, wireless controllers, and other devices.
According to threat intelligence company VulnCheck, the maximum-severity vulnerability (CVE-2023-20198) has been extensively exploited in attacks targeting Cisco IOS XE systems that have the Web User Interface (Web UI) feature enabled together with the HTTP or HTTPS Server feature.
VulnCheck scanned internet-facing Cisco IOS XE web interfaces and discovered thousands of infected hosts. The company has also released a scanner to detect these implants on affected devices.
Cisco cautioned administrators to disable the vulnerable HTTP server feature on all internet-facing systems until a patch becomes available.
Cisco detected the CVE-2023-20198 attacks in late September, following reports of unusual behavior on a customer device received by Cisco's Technical Assistance Center (TAC). Evidence of these attacks dates back to September 18, when the attackers were observed creating local user accounts named "cisco_tac_admin" and "cisco_support."
Moreover, the attackers deployed malicious implants using CVE-2021-1435 exploits and other unknown methods, enabling them to execute arbitrary commands at the system or IOS levels on compromised devices.
"We assess that these clusters of activity were likely carried out by the same actor. Both clusters appeared close together, with the October activity appearing to build off the September activity. The first cluster was possibly the actor's initial attempt and testing their code, while the October activity seems to show the actor expanding their operation to include establishing persistent access via deployment of the implant," Cisco said.
The company also issued a "strong recommendation" for administrators to look for suspicious or recently created user accounts as potential signs of malicious activity linked to this threat.
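The two checks the article describes, disabling the HTTP/HTTPS server feature and looking for the attacker-created local accounts, can be applied to a saved running-config. The following is an added example written for this page, not a Cisco or VulnCheck tool; the config excerpt is constructed, and the `ip http server` / `ip http secure-server` lines are the standard IOS XE commands that enable the Web UI's HTTP and HTTPS servers.

```python
import re

# Constructed sample of a Cisco IOS XE running-config excerpt (not from any real device).
SAMPLE_CONFIG = """\
hostname edge-rtr-01
!
username netadmin privilege 15 secret 9 $9$placeholder
username cisco_tac_admin privilege 15 secret 9 $9$placeholder
username cisco_support privilege 15 secret 9 $9$placeholder
!
ip http server
ip http secure-server
ip http authentication local
!
"""

# Local account names Cisco reported the attackers creating (from the article above).
SUSPICIOUS_USERNAMES = {"cisco_tac_admin", "cisco_support"}

# Anchored at line start, so a negated 'no ip http server' does not match.
HTTP_SERVER_RE = re.compile(r"^ip http (secure-)?server\s*$", re.MULTILINE)
USERNAME_RE = re.compile(r"^username (\S+)", re.MULTILINE)


def audit_config(config: str) -> dict:
    """Report Web UI exposure and suspicious local accounts found in a running-config.

    'web_ui_enabled' is True when 'ip http server' or 'ip http secure-server' is
    present. 'remediation' lists the commands that disable the exposed feature,
    the mitigation Cisco recommended until a patch is available.
    """
    web_ui_enabled = bool(HTTP_SERVER_RE.search(config))
    usernames = USERNAME_RE.findall(config)
    suspicious = sorted(u for u in usernames if u in SUSPICIOUS_USERNAMES)
    return {
        "web_ui_enabled": web_ui_enabled,
        "local_users": usernames,
        "suspicious_users": suspicious,
        "remediation": ["no ip http server", "no ip http secure-server"] if web_ui_enabled else [],
    }


if __name__ == "__main__":
    for key, value in audit_config(SAMPLE_CONFIG).items():
        print(f"{key}: {value}")
```

A match on either check is a trigger for further investigation (the article's recommendation is to review any suspicious or recently created accounts), not proof of compromise on its own.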