What have you learned about the attack on 200 000 network of Cisco switches?


The last few days have not been the best for cyber security. Iran's Ministry of Communications and Information Technology said that it, too, was the victim of a global cyber attack that compromised about 200,000 Cisco network switches which had not yet been patched against an exploit in the company's Smart Install protocol. The attackers displayed a US flag on many screens, together with the warning "do not interfere in our elections", but the attack was not focused on Iran: only 3,500 switches in that country fell victim to the exploit. More than 55,000 of the affected devices were in the United States, as announced by the Minister of Information Technology Mohammad Javad Azari Jahromi, and 14,000 were in China. The rest were located in Europe and India.

It hit us too.

Iran's statement came immediately after the Cisco Talos research group warned of "several incidents" around the world involving "certain advanced actors" targeting switches that use Smart Install. Scanning activity jumped in November 2017, and in March and April it only intensified.

Initial investigations indicate that the configuration of the attacked routers was altered with the flag of the United States and a protest about the American elections. The scope of the attacks extends beyond Iran. The origin of the attacks is under investigation pic.twitter.com/L8erHB52j1

— Jahromi MJ Azari (@azarijahromi) April 6, 2018

The damage to Iran may have been minimal: Iran announced that it resolved the problem within hours and lost no data. However, the depth of the attack and its implications are puzzling. If it was a warning about election interference, why did the hackers not focus on Russia? Russia is considered the main suspect in the case of interference in the election of Trump. The protest seems somewhat random.

Whoever was responsible, these attacks underline an old problem: many of the holes exploited in recent months are the result of past mistakes. These switches could have been patched in time to prevent the attack, but a slow response left the holes open. Perhaps network operators will now start to act, patching holes and updating operating systems on time. But will that actually happen?