Counterfeit Cisco Switches Trigger Network Security Alarms

In a baffling event for IT security professionals, counterfeit versions of Cisco Catalyst 2960-X switches were discovered on an unnamed corporate network, and the fake equipment was found to be designed to circumvent typical authentication procedures, according to a report from F-Secure.

F-Secure says its investigators found that even though the counterfeit Cisco 2960-X units lacked backdoor-like functionality, they used various measures to evade security checks. For example, one of the units exploited what F-Secure considers a previously unknown software vulnerability to undermine secure boot processes that provide protection against firmware tampering.

“Counterfeit units such as these can be easily modified to introduce backdoors into an organization. We emphasize that this is not what happened in this case, but the execution of the attack would be virtually identical, which is why we believe it is important to highlight these issues,” said Dmitry Janushkevich, a senior consultant on the hardware security team at F-Secure Consulting and lead author of the report.

“In this case, the motivation is purely economic as this is done solely to sell counterfeit units for profit. However, the techniques and opportunities are identical to attacks aimed at compromising the security of organizations.”

Yet in this case, the security features were bypassed, weakening the security posture of the device. This could give attackers who have already obtained code execution via a network-based attack, for example, an easier way to gain persistence, and thus impact the security of the entire organization, Janushkevich said.

