The number of Cisco devices hijacked through a newly discovered attack has risen to over 30,000, according to the latest findings from security researchers.
Security vendor Censys has been tracking the threat, and observed 34,140 Cisco devices that appear to have been compromised through a critical vulnerability in the company’s IOS XE software.
“The United States has the majority of compromises, with 4,659 devices having the backdoor installed, along with the Philippines close behind with over 3,200 compromised hosts,” Censys says in its report.
The IOS XE software is used across Cisco switches, routers, and wireless controller products, meaning a large swath of networking equipment has likely been hijacked. The vulnerability, tracked as CVE-2023-20198, is severe enough to pave the way for a full takeover of a Cisco device, enabling a hacker to spy on traffic or serve users phishing pages loaded with malware.
Censys has been trying to identify which users could be affected. The company’s scans of the affected Cisco devices reveal many of them belong to “telecommunications companies offering internet services to both households and businesses.”
For example, 469 of the compromised Cisco devices were registered to AT&T. “While commonly linked with residential internet access, it (AT&T) also delivers business solutions, evident in its use of the enterprise-grade Cisco (XE) router. As a result, the primary targets of this vulnerability are not large corporations but smaller entities and individuals who are more susceptible,” Censys says.
Cisco has suggested that a single hacking group is behind the mass exploitation, which was first detected last month. It appears the group has since been abusing the flaw at a rapid rate when no
Read more on pcmag.com