Attacks on Routers and Firewalls Are on the Rise – Are You Safe?

Publication date: May 30, 2023

Last Published: Jun 07, 2023


Routers, firewalls, and other networking equipment are at the very heart of most organizations’ digital infrastructures, keeping data flowing and processes ticking. Yet, these critical components often fly under the radar when it comes to security considerations—something more and more cybercriminals are becoming keenly aware of.

Multiple Warnings of Attacks on Networking Equipment

Earlier this year, the UK National Cyber Security Centre (NCSC), the US National Security Agency (NSA), the US Cybersecurity and Infrastructure Security Agency (CISA), the US Federal Bureau of Investigation (FBI), as well as Cisco’s Talos security intelligence group have all issued warnings about increasingly sophisticated attacks aimed directly at networking equipment.

Due to their popularity, Cisco routers and firewalls are among the most targeted network infrastructure devices, but hardware from other manufacturers, such as Huawei, Juniper, Alcatel, D-Link, Linksys, MikroTik, Netgear, Ubiquiti, QNAP, or ZyXEL is also in the crosshairs of various threat actors, including state-sponsored hacking groups like Fancy Bear, which is associated with the Russian military intelligence agency GRU.

“The warning involves not just Cisco equipment, but any networking equipment that sits at the perimeter or that might have access to traffic that a significantly capable and well-tooled adversary might have an interest in intercepting and modifying,” said JJ Cummings, Cisco Talos Threat Intelligence & Interdiction team lead.

More specifically, the security intelligence groups warn that attackers are using an SNMP remote code execution vulnerability (CVE-2017-6742) to access routers, obtain sensitive network information, and penetrate the target network.

The vulnerability was first published in June 2017, and it can be exploited by sending a crafted SNMP packet via IPv4 or IPv6. Since then, many other similar vulnerabilities have been identified and patched in various networking equipment, yet many organizations fail to apply these updates, leaving their systems open to attacks.

In light of these warnings, network operations teams need to reassess their security posture and adopt a more proactive approach. Given the fact that highly skilled and well-equipped adversaries are increasingly targeting their infrastructure—often exploiting weaknesses in systems that have not been adequately updated or monitored—it’s clear that a business-as-usual approach to security is no longer sufficient.


How to Protect Networking Infrastructure

Given the grim reality of networking equipment cyber threats, every organization should carefully evaluate its existing defenses and, if found inadequate, fortify its network infrastructure by implementing the following best practices.

Make Sure All Devices Are Updated

Software updates have been described as the Achilles’ heel of cybersecurity because they are often neglected, yet they play a pivotal role in maintaining network security. According to Rapid7’s 2022 Vulnerability Intelligence Report, the time from vulnerability disclosure to exploitation is decreasing, with 56 percent of the vulnerabilities in the report being exploited within just seven days of public disclosure.

Unfortunately, organizations often take much, much longer to apply these crucial updates, leaving a wide-open window of opportunity for cyber attackers. That’s why the first step any organization should take when it comes to protecting its networking infrastructure is ensuring that all devices are promptly updated. In practice, this means implementing an effective patch management strategy.

Replace Legacy Hardware

Clinging to end-of-life hardware to save money is never a good idea: the savings pale in comparison with the potential cost of a cybersecurity incident caused by vulnerabilities that can never be patched because the manufacturer no longer supports the product.

When organizations streamline and modernize legacy technology systems, they not only become more secure but also gain access to advanced features and improved performance, making it a worthy investment.

Ensure Complete Network Visibility

Night vision goggles exist because it’s almost impossible to fight an enemy in the dark, and the same principle applies in cybersecurity. Organizations can prevent attacks on routers and firewalls only if they see what’s happening on their networks, and that’s where continuous monitoring comes in.

For example, the above-described SNMP vulnerability causes the affected device to reload and generate a crashinfo file when exploited. A strong continuous monitoring strategy would flag such an event in real time, alerting network administrators to the unusual activity. This is critical because early detection of abnormal behavior allows for quick intervention.

Implement Strong Authentication

A crucial pillar in the defense of network infrastructure is implementing strong authentication measures, which can be compared to having a secure lock on your front door. CVE-2017-6742 has been exploited so widely because many routers and firewalls use poorly selected SNMP community strings (when relying on SNMP Version 2c or earlier) or weak user credentials (when relying on SNMP Version 3).

Implementing strong authentication in alignment with password policy best practices is a must for all organizations that want to effectively protect their networking infrastructure. In addition to strong authentication, it’s also essential to require encryption when configuring networking devices. Encryption provides an extra layer of security, ensuring that even if the data transmitted over the network is intercepted, it can’t be understood by unauthorized individuals.
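To make the two points above concrete, here is an added example (not from the original post) of a weak SNMP/management configuration next to a hardened one, written in Cisco IOS CLI syntax. The management host address, ACL, group, user and view names are assumptions, and the passphrases are placeholders to be replaced with strong values.

```text
! --- Weak (typical of devices hit by community-string abuse) ---
snmp-server community public RO
snmp-server community private RW
line vty 0 4
 transport input telnet ssh

! --- Hardened: SNMPv3 authPriv, read-only view, source restriction, encrypted management ---
! Remove the guessable v2c community strings entirely
no snmp-server community public
no snmp-server community private

! Only the management station (assumed address) may talk SNMP or log in
ip access-list standard MGMT-HOSTS
 permit 192.0.2.10
 deny   any log

! Expose a read-only view and require both authentication and encryption (priv)
snmp-server view RO-VIEW iso included
snmp-server group NMS-GROUP v3 priv read RO-VIEW access MGMT-HOSTS

! SNMPv3 user: SHA authentication plus AES-128 privacy; both passphrases must differ
! and be long random strings (IOS requires at least 8 characters)
snmp-server user nms-poller NMS-GROUP v3 auth sha <AUTH-PASSPHRASE> priv aes 128 <PRIV-PASSPHRASE>

! Send traps (for example on reload) only to the management station, over v3 priv
snmp-server enable traps snmp coldstart
snmp-server host 192.0.2.10 version 3 priv nms-poller

! Device administration only over SSHv2, from the same management hosts
ip ssh version 2
line vty 0 4
 transport input ssh
 access-class MGMT-HOSTS in
```

After applying the change, confirm with `show snmp user` and `show snmp group` that no v1/v2c communities remain and that the group's security model is shown as v3 priv.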

Conclusion on Protecting Firewalls and Routers

Protecting routers and firewalls from increasingly sophisticated cyber threats requires constant vigilance and proactive security measures. Yet, maintaining a secure network infrastructure isn’t a simple task—it requires a certain level of expertise and dedicated resources.

This is where OSIbeyond can step in. As a managed IT service provider, we specialize in delivering comprehensive cybersecurity solutions tailored to meet your organization’s specific needs. With OSIbeyond, you can rest assured knowing that your network infrastructure is under the watchful eye of industry professionals, safeguarded against emerging threats and vulnerabilities.

Don’t wait for a cyberattack to jeopardize your operations. Contact us today and take the first step toward enhancing your cybersecurity posture.
