Hackers Stealing Data Using Cisco Smart Install

Uploaded on 2024-08-13 in TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

The US Cybersecurity and Infrastructure Security Agency (CISA) reports that hackers are exploiting the obsolete Cisco Smart Install feature with the aim of accessing sensitive data.

CISA has detected hackers using this tactic, leveraging readily available protocols and  software, to steal sensitive data, including system configuration files. This is urgent enough to have prompted the agency to issue an alert advising network admins to disable the legacy SMI protocol to block these attacks.

CISA said it has seen cyber criminals "acquire system configuration files by leveraging available protocols or software on devices, such as abusing the legacy Cisco Smart Install feature."

It also reports that it continues to see weak password types being used on Cisco network devices, thereby exposing them to password-cracking attacks. Hackers who are able to gain access to the device in this manner would be able to easily access system configuration files, enabling more serious  problems for  their  victim networks. 

"Organisations must ensure all passwords on network devices are stored using a sufficient level of protection," CISA said, adding it recommends Type 8 password protection for all Cisco devices to protect passwords within configuration files."  Type 8 passwords are hashed with the Password- Based Key Derivation Function version 2 (PBKDF2), SHA-256, an 80-bit salt, and 20,000 iterations, which makes it more secure in comparison to the previous password types.

CISA is also urging enterprises to consult the National Security Agency's (NSA) Smart Install Protocol Misuse advisory and Network Infrastructure Security Guide for configuration guidance. Additional best practices include the use of a strong hashing algorithm to store passwords, avoiding password reuse, assigning strong and complex passwords, and refraining from using group accounts that do not provide accountability.

The development comes as Cisco warned of the public availability of a proof-of-concept (PoC) code for CVE-2024-20419 (CVSS score: 10.0), a critical flaw impacting Smart Software Manager On-Prem (Cisco SSM On-Prem) that could enable a remote, unauthenticated attacker to change the password of any users.

Cisco has previously warned that the Cisco SMI protocol was being abused to target Cisco switches in attacks linked to multiple hacking groups, including the Russian-backed APT group known as Dragonfly.

CISA   |    US Dept of Defense   |     Cisco   |   Hacker News   |   Bleeping Computer    |    Techconnex    |  

Cybersecurity News 

Image: Ideogram

You Might Also Read: 

Chinese Hackers Exploit Cisco Vulnerability To Deliver Malware:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Ransomware Attack Trends & The True Costs To Victims [extract]
Venezuela Blocks Access To X »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Verve Industrial

Verve Industrial

Verve specialize in providing software and services to help protect and secure critical industrial control systems.

Protocol Policy Systems

Protocol Policy Systems

Protocol Policy Systems specialise in IT policy deployment and management systems that deliver compliance and secure computing environments.

Me Learning

Me Learning

Me Learning provides engaging, informative and clearly explained learning materials for complex and challenging professional environments in areas including GDPR and Information Governance.

Cyber Base

Cyber Base

Cyber Base is an Information Technology company based in Uganda providing software and hardware solutions to clients.

Cybertonica

Cybertonica

Cybertonica is a FinTech company which detects and prevents fraudulent transactions and reduces risk for financial services organisations.

Bl4ckswan

Bl4ckswan

Bl4ckswan is a Management Consulting firm specialized in the delivery of information security and compliance services.

Bright Machines

Bright Machines

Bright Machines delivers intelligent, software-defined manufacturing by bringing together our flexible factory robots with intelligent software, production data and machine learning.

Pinpoint Search Group

Pinpoint Search Group

Pinpoint Search Group's recruiters specialize in Information Management, Cyber Security, Cloud and Robotic Process Automation (RPA).

Security Weaver

Security Weaver

Security Weaver is a leading provider of governance, risk and compliance management (GRCM) software.

WolfSSL

WolfSSL

wolfSSL is an embedded SSL/TLS library providing secure communication for IoT, smart grid, connected home, routers, applications, games, phones, and more.

CYRISMA

CYRISMA

CYRISMA is a revolutionary cybersecurity platform that helps organizations manage risk without the usual headaches associated with enterprise cybersecurity tools.

CyberArmor

CyberArmor

Cyber Armor defend everyday IT and OT systems, from government agencies to critical infrastructure, from system integrators to small industries.

Prescient Solutions

Prescient Solutions

Prescient Solutions is a managed services provider, using a cloud-based model to provide IT solutions to small, mid-sized, global organizations and government entities.

Securious

Securious

If you need to improve your cyber security or achieve cyber security accreditations, Securious provide an independent service that will identify and address your issues quickly and efficiently.

Thunder Shield Security

Thunder Shield Security

Thunder Shield is a professional cyber security service provider of penetration test, source code review and security assessment services.

Precision Cybertechnologies & Digital Solutions (Precision-Cyber)

Precision Cybertechnologies & Digital Solutions (Precision-Cyber)

Precision-Cyber was founded on the philosophy of state-of-the-art cybersecurity and digital solutions. Our guiding principle is simply that we will provide and secure all your digital needs.