Cyber threat of the week
Happy Election Day. Here’s your cyber threat of the week.
What’s a growing trend among hackers looking to get into firms whose networks are well defended? Hijacking their IT infrastructure and processes to deploy malware.
In one case uncovered in the last three months, hackers developed a fake upgrade to a U.S.-based telecommunications company’s Internet routers. That upgrade actually contained malware; once the firm’s IT staff distributed the upgrade, that malware was pushed to the computers that connected to the company’s networks.
"We had an adversary group that was inside of a company — they had been there for a while — and we discovered that they had identified the part of the company that did router upgrades," said Richard Bejtlich, chief security officer at the cyber security firm Mandiant.
"What these guys had done is gotten a copy of the image [of the router’s software design], they had decompiled it, they had then added malicious features into that router image and pre-positioned it where the IT [administrators] for the company would then copy it out to the [firm’s] routers," where they would be free to roam throughout the firm’s network.
How did hackers steal the router plans?
"You can get them in two places. One is you can get them from the enterprise itself — they have their repository of images ready to go — or if you have a Cisco connection online, you can download it yourself. While it’s sort of a niche affair, there are people who specialize in ripping apart Cisco [router] images," said Bejtlich.
Defending against this is relatively simple, he said.
"If you validated the signature" associated with the router upgrade to find out whether it is legit, "I guarantee you’d catch it," said Bejtlich.
While this hack was caught just before the company’s IT administrators were about to distribute the upgrade, Bejtlich said that other companies are probably not as lucky.
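The signature check Bejtlich describes, as an added example that is not from the article, Mandiant or any router vendor: a staging gate that refuses to copy an image out to the routers unless its detached signature verifies against the vendor's pinned public key. It assumes an Ed25519 signature over the image bytes; the key pair, image and tampering are all constructed here for the demonstration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// ErrBadSignature is returned when an image does not verify against the
// vendor's pinned public key. The staging step must refuse such an image.
var ErrBadSignature = errors.New("router image: signature verification failed")

// VerifyImage checks a router image against its detached signature using the
// vendor's pinned public key. Any change to the image bytes, such as a
// feature added after decompiling it, invalidates the signature.
func VerifyImage(vendorPub ed25519.PublicKey, image, sig []byte) error {
	if len(vendorPub) != ed25519.PublicKeySize || !ed25519.Verify(vendorPub, image, sig) {
		return ErrBadSignature
	}
	return nil
}

// StageImage is the gate the IT upgrade process passes through before an
// image is copied out to the routers: it returns the image only if it verifies.
func StageImage(vendorPub ed25519.PublicKey, image, sig []byte) ([]byte, error) {
	if err := VerifyImage(vendorPub, image, sig); err != nil {
		return nil, err
	}
	return image, nil
}

// Tamper returns a copy of image with one byte flipped, standing in for a
// modified image that was pre-positioned in the upgrade repository (constructed).
func Tamper(image []byte) []byte {
	t := append([]byte(nil), image...)
	t[len(t)/2] ^= 0x01
	return t
}

func main() {
	// Constructed vendor key pair and image; a real deployment pins the
	// vendor's published public key instead of generating one here.
	vendorPub, vendorPriv, _ := ed25519.GenerateKey(rand.Reader)
	image := []byte("constructed router image v1.2.3")
	sig := ed25519.Sign(vendorPriv, image)

	_, err := StageImage(vendorPub, image, sig)
	fmt.Println("genuine image staged:", err == nil)
	_, err = StageImage(vendorPub, Tamper(image), sig)
	fmt.Println("tampered image rejected:", errors.Is(err, ErrBadSignature))
}
```

The check only helps if the public key is pinned from the vendor's published source rather than taken from the same repository the attacker could write to.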
John Reed is a former national security reporter for Foreign Policy.