Zero-Day Vulnerability Exploited by Hackers Compromises Tens of Thousands of Devices
Critical-Rated Vulnerability in Cisco’s Networking Software Discovered
Cisco has issued an advisory warning that a critical-rated vulnerability in its IOS XE software, which powers the company’s range of networking devices, is being actively exploited by hackers. The bug was found in the IOS XE web administration interface and can be exploited when an affected device is exposed to the internet.
Devices Affected
The list of devices running Cisco IOS XE software includes enterprise switches, wireless controllers, access points, and industrial routers, which corporations and smaller organizations use to manage their network security. These devices are used in a variety of settings, from small businesses to large enterprises, and are critical for maintaining the security and functionality of networks.
Exploitation Timeline
Cisco’s threat intelligence arm Talos has stated that as-yet-unidentified hackers have been exploiting the bug since at least September 18. The successful exploitation of the vulnerability grants an attacker "full control of the compromised device," which can lead to possible subsequent unauthorized activity on the corporate victim’s network.
Scale of Exploitation
Cisco has not yet commented on the scale of the exploitation, but Censys, a search engine for internet-connected devices and assets, has observed nearly 42,000 compromised Cisco devices as of October 18. This represents a "sharp increase" in infections compared to the previous day.
Geographic Distribution
According to Censys’ analysis of the flaw, the majority of compromised devices are located in the United States, followed by the Philippines and Mexico. The hackers appear to be targeting telecommunications companies that offer internet services to both households and businesses.
Impact on Smaller Entities
The primary targets of this vulnerability are not large corporations but smaller entities and individuals who are more susceptible. As Censys researchers noted, "As a result, the primary targets of this vulnerability are not large corporations but smaller entities and individuals who are more susceptible."
No Patch Available
Cisco has not yet released a patch for the zero-day vulnerability, which has received the maximum severity rating of 10.0. The company is "working non-stop to provide a software fix," but declined to say when the patch would be made available.
Mitigation Recommendations
In lieu of a patch, Cisco is "strongly" recommending that customers disable the HTTP Server feature on all internet-facing systems. Additionally, administrators of potentially compromised devices are urged to immediately search their networks for signs of compromise.
Additional Vulnerability Exploited
Cisco warned that the as-yet-unidentified attackers also leveraged a previous vulnerability, CVE-2021-1435, which Cisco patched in 2021, to install the implant after gaining access to the device. "We have also seen devices fully patched against CVE-2021-1435 getting the implant successfully installed through an as of yet undetermined mechanism," the researchers said.
Government Response
CISA, the U.S. government’s cybersecurity agency, is urging federal agencies to deploy mitigations by October 20. This underscores the severity of the situation and the need for immediate action to prevent further exploitation.
Related Developments
In other related news, zero-day vulnerabilities are now being used for significant financial gain. Hackers are selling zero-day exploits on the dark web, with some reportedly worth millions of dollars. This highlights the critical importance of prioritizing security and patching vulnerabilities as quickly as possible.
Background Information
The exploitation of zero-day vulnerabilities has become increasingly common in recent years. These vulnerabilities occur when a software vendor is aware of a vulnerability but has not yet released a patch to fix it. Hackers can exploit these vulnerabilities before a patch is available, causing significant damage and disruption to affected organizations.
Security Best Practices
To protect against exploitation of zero-day vulnerabilities, it is essential to:
- Stay up-to-date with the latest security patches and updates
- Implement robust security measures, such as firewalls and intrusion detection systems
- Conduct regular vulnerability assessments and penetration testing
- Educate employees on cybersecurity best practices and phishing attacks
By following these best practices, organizations can significantly reduce their risk of being exploited by hackers and minimize the impact of a potential attack.
Conclusion
The exploitation of the zero-day vulnerability in Cisco’s IOS XE software is a critical reminder of the importance of prioritizing security and patching vulnerabilities as quickly as possible. The scale of the exploitation, with nearly 42,000 compromised devices observed, underscores the need for immediate action to prevent further damage and disruption.
Recommendations
- Prioritize security and patching vulnerabilities as quickly as possible
- Implement robust security measures, such as firewalls and intrusion detection systems
- Conduct regular vulnerability assessments and penetration testing
- Educate employees on cybersecurity best practices and phishing attacks
By following these recommendations, organizations can reduce their risk of being exploited by hackers and minimize the impact of a potential attack.
