Cyber threat of the week

Happy Election Day. Here’s your cyber threat of the week.

What’s a growing trend among hackers looking to get into firms whose networks are well defended? Hijacking their IT infrastructure and processes to deploy malware.

In one case uncovered in the last three months, hackers developed a fake upgrade to a U.S. based telecommunications company’s Internet routers. That upgrade actually contained malware; once the firm’s IT staff distributed the upgrade, that malware was pushed to the computers that connected to the company’s networks.

"We had an adversary group that was inside of a company — they had been there for a while — and we discovered that they had identified the part of the company that did router upgrades," said Richard Bejtlich, chief security officer at the cyber security firm Mandiant.  

"What these guys had done is gotten a copy of the image [of the router’s software design], they had decompiled it, they had then added malicious features into that router image and pre-positioned it where the IT [administrators] for the company would then copy it out to the [firm’s] routers," where they would be free to roam throughout the firm’s network.

How did hackers steal the router plans?

"You can get them in two places. One is you can get them from the enterprise itself — they have their repository of images ready to go — or if you have a Cisco connection online, you can download it yourself. While it’s sort of a niche affair, there are people who specialize in ripping apart Cisco [router] images," said Bejtlich.

Defending against this is relatively simple, he said.

"If you validated the signature" associated with the router upgrade to find out whether it is legit, "I guarantee you’d catch it," said Bejtlich.

While this hack caught was caught just before the company’s IT administrators were about to distribute the upgrade, Bejtlich said that other companies are probably not as lucky.