Just because some attacks are more common than others doesn’t mean they’re the only ones you need to protect against.
Some of the most unusual cyberattacks are the ones that cause the most damage – if you’re unprepared.
Sure, proper security stacks lock down your endpoints, servers, and perimeters (firewall, email, etc.).
But, few organizations monitor for attacks on network systems, internal network resources, or Internet of Things (IoT) equipment.
And, according to recent findings, they’re also more vulnerable than you might think.
Recently, researchers discovered several vulnerabilities and attacks on these IT resources, raising the alarm for businesses everywhere to stand guard against such attacks on network systems.
So, is your business up to the challenge?
New Network Infrastructure Vulnerabilities
No company is immune from making mistakes, no matter how reputable they normally are.
As evidence, security researchers located new vulnerabilities in products from some of the best in the business: Aruba, Avaya, Cisco, and F5 – each of which allows for malicious exploitation.
Though no attacks using these flaws have been detected yet, the public announcement of them ensures attackers are well aware of the possibilities.
For example, five vulnerabilities in the Aruba and Avaya network switches are caused by misuse of the NanoSSL TLS library – a flaw similar to one detected earlier on uninterruptible power supplies. In this case, the flaw can allow for remote code execution (RCE) attacks that could lead to broken network segments.
If you’re caught unprepared, attacks can trigger data breaches, take over devices, or even override your defenses for network segmentation.
Meanwhile, vulnerabilities in Cisco’s Enterprise NFV Infrastructure Software can allow attackers to run commands with root privileges, or escape the virtual machine. From there, attacks can even compromise the host device running the virtualized networking software.
Other researchers detected 16,000 of F5’s BIG-IP devices connected to the internet, likely vulnerable to the RCE problem that allows unauthenticated users with network access to execute arbitrary system commands, create or delete files, as well as disable services.
Though patches are available for Aruba, Avaya, and Cisco’s software, updates for F5’s vulnerability are only available for version 13.1.5 and later.
These are unusual cyberattacks for many businesses, because network infrastructure usually falls outside of your endpoint protection and standard security patching programs.
If you maintain any of these devices, you’ll need to ensure any problems are patched or mitigated soon – before attackers begin exploiting them.
Cisco Counterfeit Warning
Even tech giant Cisco wasn’t immune to the global supply chain shortages caused by the pandemic.
The halt in transportation, materials, and distribution had a direct effect on company and customer alike.
As a result, Cisco notes many customers tried to fill their needs through less-than-reputable channels, inadvertently winding up with counterfeit gear. As you’d expect, these products aren’t going to provide the same level of support and quality as the real deal.
Cisco encourages you to verify devices by upgrading your IOS operating systems, particularly for their Catalyst 2960X/2960XR switches. Counterfeit devices will fail automated integrity checks, and you’ll know to replace them with genuine Cisco products.
Unpatched DNS Poisoning
Beyond these network attacks and counterfeit products, there are even more unusual cyberattacks.
For instance, researchers located a vulnerability in a C standard library (a source of usable software code), which was widely incorporated into various software programs.
This software is used by manufacturers such as Netgear, Axis, Linksys, and many Linux distributions powering IoT devices.
More than 200 vendors and millions of devices may be vulnerable to DNS Poisoning attacks, in which an attacker can reroute the traffic on your device to a server under the attacker’s control.
Because vendors haven’t had a chance to create patches & updates yet, their names and list of affected products remain unannounced. Making matters even more difficult, the maintainer of this C standard library was unable to develop a fix.
For now, all you can do is stay alert for firmware releases & updates for any of your routers and IoT devices.
And as always, make sure you’re monitoring your network traffic carefully for signs of a compromised device.
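One way to watch for signs of DNS poisoning on the network, as an added example (not code from the original article or from any vendor): it scans DNS query/response records and flags responses nobody asked for, bursts of responses carrying the wrong transaction ID, and two different answers to a single query. The record layout, sample data, and threshold are constructed assumptions, and these are general DNS spoofing indicators, since the article does not describe the flaw's mechanism.

```python
from collections import defaultdict

# Constructed sample records (not from a real capture):
# (time_s, kind, device_ip, resolver_ip, txid, qname, answer_ip or None)
SAMPLE = [
    (0.000, "Q", "10.0.5.20", "10.0.0.53", 0x1A2B, "updates.example.com", None),
    (0.020, "R", "10.0.5.20", "10.0.0.53", 0x1A2B, "updates.example.com", "198.51.100.10"),
    (5.000, "Q", "10.0.5.31", "10.0.0.53", 0x0007, "cloud.example.net", None),
    (5.001, "R", "10.0.5.31", "10.0.0.53", 0x0005, "cloud.example.net", "203.0.113.66"),
    (5.002, "R", "10.0.5.31", "10.0.0.53", 0x0006, "cloud.example.net", "203.0.113.66"),
    (5.003, "R", "10.0.5.31", "10.0.0.53", 0x0007, "cloud.example.net", "203.0.113.66"),
    (5.030, "R", "10.0.5.31", "10.0.0.53", 0x0007, "cloud.example.net", "198.51.100.77"),
]

def find_poisoning_signs(records, mismatch_threshold=2):
    """Return a sorted list of (device, qname, reason) alerts."""
    pending = {}                    # (device, qname) -> txid of the latest query
    answers = defaultdict(set)      # (device, qname) -> answers to that query
    mismatches = defaultdict(int)   # (device, qname) -> wrong-txid responses
    alerts = set()
    for _, kind, device, _resolver, txid, qname, answer in sorted(
            records, key=lambda r: r[0]):
        key = (device, qname)
        if kind == "Q":
            # A new query resets the per-query state for this name.
            pending[key] = txid
            answers[key] = set()
            mismatches[key] = 0
        elif key not in pending:
            # The device never asked for this name.
            alerts.add((device, qname, "unsolicited-response"))
        elif txid != pending[key]:
            # Wrong transaction ID: one may be noise, a burst suggests guessing.
            mismatches[key] += 1
            if mismatches[key] >= mismatch_threshold:
                alerts.add((device, qname, "txid-guessing"))
        else:
            # Correct ID: a second, different answer to the same query means
            # two parties answered, and only one of them is the real resolver.
            answers[key].add(answer)
            if len(answers[key]) > 1:
                alerts.add((device, qname, "conflicting-answers"))
    return sorted(alerts)

if __name__ == "__main__":
    for alert in find_poisoning_signs(SAMPLE):
        print(alert)
```

In practice the records would come from resolver logs or a passive DNS sensor on the IoT network segment, and the threshold would be tuned to that environment.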
Malware Infected Network Equipment
Yet another unusual cyberattack, discovered recently, inserts lightweight malware – known as ‘QUIETEXIT’ – onto network appliances like load balancers, SAN arrays, and wireless access point controllers.
The attacker also compromised LifeSize and D-Link IP videoconferencing camera systems with a botnet to maintain access in these environments.
Each of these attacks takes advantage of devices that won’t be protected by antivirus, nor by many types of endpoint detection and response (EDR) tools.
Unless your organization is monitoring your network for malicious activity, attackers can do a lot of damage – all without triggering alerts.
Guard Yourself Against These Unusual Cyberattacks
Though network vulnerabilities can be protected by firewalls, a single bad click provides access to an endpoint.
From that compromised endpoint, attackers can exploit unpatched network equipment and unprotected vulnerabilities.
To counter potential attacks, you’ll need to:
- Patch, update, or enact additional security on known network device vulnerabilities
- Periodically check for any unknown problems with penetration tests and vulnerability scans
- Use network protection and monitoring to detect malicious activity
Many organizations can handle basic firewall and endpoint security. But patching, monitoring, and investigating potential attacks on networking equipment isn’t nearly as easy.
If you’re looking for assistance or guidance on these or any other network issues you’re experiencing, just contact Ideal Integrations at 412-349-6680 or fill out the form below.
Our experts will provide a no-obligation consultation about possible steps needed to protect your network, and answer any questions you might have.