Cyber threat of the week

Happy Election Day. Here’s your cyber threat of the week. What’s a growing trend among hackers looking to get into firms whose networks are well defended? Hijacking their IT infrastructure and processes to deploy malware. In one case uncovered in the last three months, hackers developed a fake upgrade to a U.S. based telecommunications company’s ...

Getty Images
Getty Images
Getty Images

Happy Election Day. Here's your cyber threat of the week.

Happy Election Day. Here’s your cyber threat of the week.

What’s a growing trend among hackers looking to get into firms whose networks are well defended? Hijacking their IT infrastructure and processes to deploy malware.

In one case uncovered in the last three months, hackers developed a fake upgrade to a U.S. based telecommunications company’s Internet routers. That upgrade actually contained malware; once the firm’s IT staff distributed the upgrade, that malware was pushed to the computers that connected to the company’s networks.

"We had an adversary group that was inside of a company — they had been there for a while — and we discovered that they had identified the part of the company that did router upgrades," said Richard Bejtlich, chief security officer at the cyber security firm Mandiant.  

"What these guys had done is gotten a copy of the image [of the router’s software design], they had decompiled it, they had then added malicious features into that router image and pre-positioned it where the IT [administrators] for the company would then copy it out to the [firm’s] routers," where they would be free to roam throughout the firm’s network.

How did hackers steal the router plans?

"You can get them in two places. One is you can get them from the enterprise itself — they have their repository of images ready to go — or if you have a Cisco connection online, you can download it yourself. While it’s sort of a niche affair, there are people who specialize in ripping apart Cisco [router] images," said Bejtlich.

Defending against this is relatively simple, he said.

"If you validated the signature" associated with the router upgrade to find out whether it is legit, "I guarantee you’d catch it," said Bejtlich.

While this hack caught was caught just before the company’s IT administrators were about to distribute the upgrade, Bejtlich said that other companies are probably not as lucky.

John Reed is a national security reporter for Foreign Policy. He comes to FP after editing Military.com’s publication Defense Tech and working as the associate editor of DoDBuzz. Between 2007 and 2010, he covered major trends in military aviation and the defense industry around the world for Defense News and Inside the Air Force. Before moving to Washington in August 2007, Reed worked in corporate sales and business development for a Swedish IT firm, The Meltwater Group in Mountain View CA, and Philadelphia, PA. Prior to that, he worked as a reporter at the Tracy Press and the Scotts Valley Press-Banner newspapers in California. His first story as a professional reporter involved chasing escaped emus around California’s central valley with Mexican cowboys armed with lassos and local police armed with shotguns. Luckily for the giant birds, the cowboys caught them first and the emus were ok. A New England native, Reed graduated from the University of New Hampshire with a dual degree in international affairs and history.

More from Foreign Policy

Newspapers in Tehran feature on their front page news about the China-brokered deal between Iran and Saudi Arabia to restore ties, signed in Beijing the previous day, on March, 11 2023.
Newspapers in Tehran feature on their front page news about the China-brokered deal between Iran and Saudi Arabia to restore ties, signed in Beijing the previous day, on March, 11 2023.

Saudi-Iranian Détente Is a Wake-Up Call for America

The peace plan is a big deal—and it’s no accident that China brokered it.

Austin and Gallant stand at podiums side by side next to each others' national flags.
Austin and Gallant stand at podiums side by side next to each others' national flags.

The U.S.-Israel Relationship No Longer Makes Sense

If Israel and its supporters want the country to continue receiving U.S. largesse, they will need to come up with a new narrative.

Russian President Vladimir Putin lays flowers at the Moscow Kremlin Wall in the Alexander Garden during an event marking Defender of the Fatherland Day in Moscow.
Russian President Vladimir Putin lays flowers at the Moscow Kremlin Wall in the Alexander Garden during an event marking Defender of the Fatherland Day in Moscow.

Putin Is Trapped in the Sunk-Cost Fallacy of War

Moscow is grasping for meaning in a meaningless invasion.

An Iranian man holds a newspaper reporting the China-brokered deal between Iran and Saudi Arabia to restore ties, in Tehran on March 11.
An Iranian man holds a newspaper reporting the China-brokered deal between Iran and Saudi Arabia to restore ties, in Tehran on March 11.

How China’s Saudi-Iran Deal Can Serve U.S. Interests

And why there’s less to Beijing’s diplomatic breakthrough than meets the eye.