Hackers Stealing Data Using Cisco Smart Install

The US Cybersecurity and Infrastructure Security Agency (CISA) reports that hackers are exploiting the obsolete Cisco Smart Install feature with the aim of accessing sensitive data.

CISA has detected hackers using this tactic, leveraging readily available protocols and software, to steal sensitive data, including system configuration files. This is urgent enough to have prompted the agency to issue an alert advising network admins to disable the legacy SMI protocol to block these attacks.

CISA said it has seen cyber criminals "acquire system configuration files by leveraging available protocols or software on devices, such as abusing the legacy Cisco Smart Install feature."

It also reports that it continues to see weak password types being used on Cisco network devices, thereby exposing them to password-cracking attacks. Hackers who are able to gain access to the device in this manner would be able to easily access system configuration files, enabling more serious problems for their victim networks.

"Organisations must ensure all passwords on network devices are stored using a sufficient level of protection," CISA said, adding that it recommends Type 8 password protection for all Cisco devices to protect passwords within configuration files. Type 8 passwords are hashed with the Password-Based Key Derivation Function version 2 (PBKDF2), SHA-256, an 80-bit salt, and 20,000 iterations, which makes them more secure than the previous password types.

CISA is also urging enterprises to consult the National Security Agency's (NSA) Smart Install Protocol Misuse advisory and Network Infrastructure Security Guide for configuration guidance. Additional best practices include the use of a strong hashing algorithm to store passwords, avoiding password reuse, assigning strong and complex passwords, and refraining from using group accounts that do not provide accountability.
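The two checks CISA's advice implies can be run against a saved device configuration. The script below is an added example, not code from CISA, the NSA or Cisco: it flags stored credentials that use a password type older than Type 8 and reports whether Smart Install has been explicitly turned off. It assumes IOS-style configuration syntax, assumes the switch supports Smart Install (so a missing `no vstack` line is worth reporting), and uses a constructed sample configuration with placeholder hashes.

```python
import re

# Password types older than Type 8, which the article recommends.
WEAK_TYPES = {
    "0": "cleartext",
    "4": "unsalted single-round SHA-256",
    "5": "salted MD5",
    "7": "reversible obfuscation",
}
# "password"/"secret", an optional one-digit type, then the stored value.
CRED = re.compile(r"\b(password|secret)\s+(?:([0-9])\s+)?(\S+)\s*$")

def audit(config: str) -> list[str]:
    """Return findings for weak password types and Smart Install state."""
    findings = []
    vstack_disabled = False
    for lineno, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if line == "no vstack":
            vstack_disabled = True
        m = CRED.search(line)
        if m:
            ptype = m.group(2) or "0"  # no type digit: value is stored as typed
            if ptype in WEAK_TYPES:
                # Report line number and type only, never the stored value.
                findings.append(f"line {lineno}: type {ptype} ({WEAK_TYPES[ptype]})")
    # Assumption: the device supports Smart Install, so the feature is only
    # known to be off when "no vstack" appears in the configuration.
    if not vstack_disabled:
        findings.append("smart install: 'no vstack' not present")
    return findings

# Constructed sample configuration; hashes are placeholders, not real values.
SAMPLE = """\
no service password-encryption
enable secret 5 $1$PLACEHOLDER
username netops privilege 15 secret 8 $8$PLACEHOLDER
username backup password 7 PLACEHOLDER
!
line vty 0 4
 password Winter2024
 login
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```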

The development comes as Cisco warned of the public availability of proof-of-concept (PoC) code for CVE-2024-20419 (CVSS score: 10.0), a critical flaw impacting Smart Software Manager On-Prem (Cisco SSM On-Prem) that could enable a remote, unauthenticated attacker to change the password of any user.

Cisco has previously warned that the Cisco SMI protocol was being abused to target Cisco switches in attacks linked to multiple hacking groups, including the Russian-backed APT group known as Dragonfly.

CISA | US Dept of Defense | Cisco | Hacker News | Bleeping Computer | Techconnex | Cybersecurity News
