Category: IT|Aug 8, 2024 | Author: Admin

CISA warns of hackers abusing Cisco Smart Install feature

Share on

​On Thursday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) recommended disabling the legacy Cisco Smart Install (SMI) feature after seeing it abused in recent attacks.

CISA has spotted threat actors using this tactic and leveraging other protocols or software to steal sensitive data, such as system configuration files, which prompted an alert advising admins to disable the legacy SMI protocol (superseded by the Cisco Network Plug and Play solution) to block these ongoing attacks.

 

It also recommended reviewing the NSA's Smart Install Protocol Misuse Advisory and Network Infrastructure Security Guide for further configuration guidance.

 

In 2018, the Cisco Talos team also warned that the Cisco SMI protocol was being abused to target Cisco switches in attacks linked to multiple hacking groups, including the Russian-backed Dragonfly APT group (also tracked as Crouching Yeti and Energetic Bear).

 

The attackers took advantage of switch owners' failure to configure or disable the protocol, which left the SMI client running and waiting for "installation/configuration" commands.

 

Vulnerable switches allowed the threat actors to alter configuration files, replace the IOS system image, add rogue accounts, and exfiltrate information via the TFTP protocol.

 

In February 2017 and February 2018, Cisco warned customers that malicious actors were actively scanning for Internet-exposed SMI-enabled Cisco devices.

 

Abuse of weak password types


Admins were also advised today to implement better password protection measures after CISA found that attackers exploit weak password types to compromise Cisco network devices.

 

"A Cisco password type is the type of algorithm used to secure a Cisco device's password within a system configuration file. The use of weak password types enables password cracking attacks," the agency added today.

 

"Once access is gained a threat actor would be able to access system configuration files easily. Access to these configuration files and system passwords can enable malicious cyber actors to compromise victim networks. Organizations must ensure all passwords on network devices are stored using a sufficient level of protection."

 

CISA recommends using NIST-approved type 8 password protection for all Cisco devices. This ensures passwords are hashed with the Password-Based Key Derivation Function version 2 (PBKDF2), the SHA-256 hashing algorithm, an 80-bit salt, and 20,000 iterations.

 

More information on enabling Type 8 privilege EXEC mode passwords and creating a local user account with a Type 8 password on a Cisco device is available in NSA's Cisco Password Types: Best Practices guide.

 

The cybersecurity agency recommends following best practices for securing administrator accounts and passwords within configuration files.

 

This includes properly storing passwords using a strong hashing algorithm, avoiding password reuse across systems, using strong and complex passwords, and avoiding using group accounts that do not provide accountability.

Sponsored Ads:

Comments:


Apple pauses iPadOS 18 rollout for M4 iPad Pro after bricking complaints

Category: Apple|Sep 20, 2024 | Author: Admin

Chinese botnet infects 260,000 SOHO routers, IP cameras with malware

Category: IT|Sep 19, 2024 | Author: Admin

HaLow Wi-Fi has now been tested at 9.9 miles — new Wi-Fi world record is a near 5X increase over previous best

Category: IT|Sep 18, 2024 | Author: Admin

Windows vulnerability abused braille “spaces” in zero-day attacks

Category: Microsoft|Sep 17, 2024 | Author: Admin

Important steps to take on your iPhone before installing Apple's latest iOS 18 to avoid any errors

Category: Apple|Sep 16, 2024 | Author: Admin

AMD hides Taiwan branding on Ryzen CPU packaging as it preps new chips for China market release

Category: IT|Sep 15, 2024 | Author: Admin

Contabo downtime analysis

Category: IT|Sep 14, 2024 | Author: Admin

Netflix will no longer provide support for iPhones and iPads running iOS 16

Category: IT|Sep 13, 2024 | Author: Admin

Google searches now link to the Internet Archive

Category: General|Sep 12, 2024 | Author: Admin

Apple ordered to pay back its illegal $14.4 billion Irish tax break

Category: Apple|Sep 11, 2024 | Author: Admin

Microsoft to start force-upgrading Windows 22H2 systems next month

Category: Microsoft|Sep 10, 2024 | Author: Admin

Mozilla extends Firefox support on unsupported Windows versions to March 2025

Category: IT|Sep 9, 2024 | Author: Admin

Apache fixes critical OFBiz remote code execution vulnerability

Category: IT|Sep 8, 2024 | Author: Admin

SonicWall SSLVPN access control flaw is now exploited in attacks

Category: IT|Sep 7, 2024 | Author: Admin

Microsoft Office 2024 to disable ActiveX controls by default

Category: Microsoft|Sep 6, 2024 | Author: Admin
more