SYNful Knock and a New Age of Phishing

By | September 21st, 2015|Uncategorized|

PhishingEarlier this week, Reuters reported that security researchers uncovered a new malware strain called SYNful Knock, targeting Cisco routers. Once installed, SYNful Knock gives cyber criminals the ability to harvest data being shared via the router without being detected. The malware has already been found on a handful of Cisco routers in four different countries.

While reports of breaches and data theft are commonplace these days, the SYNful Knock malware stands out for one key reason – affected routers were compromised not because of a security flaw in Cisco’s software but because cyber criminals secured the login credentials of key network administrators to install the software.

We’ve long espoused on this blog that employees are always going to be the weakest link in any security system. There will always be an employee that reuses easy-to-remember passwords across multiple logins. There will always be an employee that gets tricked into downloading an infected file or tricked into clicking on a malicious link through a phishing scam. If you want better cyber security at your business, employee education is the place to start.

This is even more evident went you look at the Cisco router story. In the past, cyber criminals focused on quantity over quality – send out 100,000 phishing emails and hope that a handful of recipients fall for the scam. We are seeing a move away from this and a move towards cyber criminals focusing on specific high-value targets, targets like employees that have network administrator-level credentials. Cyber criminals are using social media sites like LinkedIn to identify key personnel that may have administrator access to a system. They are then researching these individuals, often on social sites like Facebook and Twitter, to collect personal information – information that can be used for a customized phishing email or to answer standard password reset questions. In the case of the Anthem breach, cyber criminals used this tactic to secure logins for five Anthem employees. One of these five employees had administrator-level credentials. That’s all it took for cyber criminals to access more than 80 million customer records.

Compared to Anthem, this week’s Cisco router news seems pretty unimpressive. But it is a story that serves as a cautionary tale of what’s on the horizon for business cyber security and employee vulnerability.

Have tips on how to educate employees on password best practices? Weigh in on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.