Cybercriminals use sophisticated tactics to attack outdated network infrastructure in order to steal information or extort victims. Ransomware and advanced persistent threat (APT) groups gain access to network equipment, such as routers, that has critical unpatched vulnerabilities.
According to recent research by Talos, Cisco's cyber intelligence division, after compromising a network device these groups modify its firmware, load custom or rigged firmware, and bypass security measures. APT groups frequently alter the firmware of older devices to add specific functions, such as capturing information or creating a backdoor, which lets them establish a stronger foothold in the network. If additional levels of access are required and cannot be granted, they may resort to loading custom or older firmware that may contain unpatched vulnerabilities. Attackers may also attempt to defeat security measures by modifying or removing host access control lists, disabling remote logging, adding user accounts with elevated privileges, and reconfiguring SNMP community strings.
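The configuration-level tampering listed above (ACL entries removed, remote logging turned off, privileged accounts added, SNMP community strings changed) is visible in a diff between a trusted baseline and the device's current running configuration. The following is an added example of such a drift check, not code from Talos or Cisco: it parses IOS-style configuration text (the two configs embedded below are constructed samples, not real device data) and reports each deviation that matches one of those patterns.

```python
"""Baseline drift check for a network device's exported running-config.

Flags the tampering patterns named in the article: removed access-list
entries, remote logging disabled, newly added or elevated privileged
accounts, and added or changed SNMP community strings.  Both configs
below are constructed IOS-style samples; they are not real device data.
"""

import re
from typing import List, Tuple


def parse_config(text: str) -> dict:
    """Extract the config statements relevant to tamper detection.

    Returns a dict with:
      acl     -> set of ACL entries (named ACL entries are prefixed "NAME: ")
      logging -> set of 'logging host ...' statements
      users   -> {username: privilege level}
      snmp    -> {community string: 'RO' | 'RW'}
    """
    state = {"acl": set(), "logging": set(), "users": {}, "snmp": {}}
    named_acl = None  # name of the 'ip access-list' block we are inside
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("!"):
            named_acl = None  # '!' separates sections in IOS-style configs
            continue
        if raw.startswith(" ") and named_acl:
            state["acl"].add(f"{named_acl}: {raw.strip()}")
            continue
        named_acl = None
        line = raw.strip()
        if line.startswith("ip access-list "):
            named_acl = line.split()[-1]
        elif line.startswith("access-list "):
            state["acl"].add(line)
        elif line.startswith("logging host "):
            state["logging"].add(line)
        elif line.startswith("username "):
            m = re.match(r"username (\S+)(?: privilege (\d+))?", line)
            state["users"][m.group(1)] = int(m.group(2) or 1)  # default level is 1
        elif line.startswith("snmp-server community "):
            m = re.match(r"snmp-server community (\S+)(?: (RO|RW))?", line)
            state["snmp"][m.group(1)] = m.group(2) or "RO"  # default is read-only
    return state


def compare(baseline_text: str, current_text: str) -> List[Tuple[str, str]]:
    """Return (category, detail) findings for deviations from the baseline."""
    base, cur = parse_config(baseline_text), parse_config(current_text)
    findings = []
    for entry in sorted(base["acl"] - cur["acl"]):
        findings.append(("ACL_ENTRY_REMOVED", entry))
    for entry in sorted(cur["acl"] - base["acl"]):
        findings.append(("ACL_ENTRY_ADDED", entry))
    for stmt in sorted(base["logging"] - cur["logging"]):
        findings.append(("REMOTE_LOGGING_REMOVED", stmt))
    if base["logging"] and not cur["logging"]:
        findings.append(("REMOTE_LOGGING_DISABLED", "no logging host statements remain"))
    for user, priv in sorted(cur["users"].items()):
        old = base["users"].get(user)
        if old is None and priv >= 15:
            findings.append(("PRIVILEGED_USER_ADDED", f"{user} privilege {priv}"))
        elif old is not None and priv > old:
            findings.append(("USER_PRIVILEGE_RAISED", f"{user} {old} -> {priv}"))
    for community, mode in sorted(cur["snmp"].items()):
        old = base["snmp"].get(community)
        if old is None:
            findings.append(("SNMP_COMMUNITY_ADDED", f"{community} {mode}"))
        elif old == "RO" and mode == "RW":
            findings.append(("SNMP_COMMUNITY_ESCALATED", f"{community} RO -> RW"))
    for community in sorted(set(base["snmp"]) - set(cur["snmp"])):
        findings.append(("SNMP_COMMUNITY_REMOVED", community))
    return findings


# Constructed baseline: the configuration as approved and archived.
BASELINE = """
!
hostname edge-rtr-01
!
username netops privilege 15 secret 5 $1$placeholder
!
snmp-server community monitoring-ro RO
!
access-list 10 permit 10.0.0.0 0.255.255.255
access-list 10 deny any log
!
ip access-list extended MGMT-IN
 permit tcp 10.10.0.0 0.0.255.255 any eq 22
 deny ip any any log
!
logging host 10.10.5.20
!
"""

# Constructed current export showing the tampering patterns from the article.
CURRENT = """
hostname edge-rtr-01
username netops privilege 15 secret 5 $1$placeholder
username svc-backup privilege 15 secret 5 $1$placeholder
snmp-server community monitoring-ro RO
snmp-server community private RW
access-list 10 permit 10.0.0.0 0.255.255.255
ip access-list extended MGMT-IN
 permit tcp 10.10.0.0 0.0.255.255 any eq 22
 permit ip any any
"""

if __name__ == "__main__":
    for category, detail in compare(BASELINE, CURRENT):
        print(f"{category:26} {detail}")
```

Running the script against the constructed pair reports the removed `deny ... log` entries, the new `permit ip any any` in the management ACL, the missing `logging host`, the added privilege-15 account, and the new read-write community. In practice the baseline would come from a configuration archive and the current text from a scheduled export, and any finding would be raised as an alert rather than printed.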
Angel Ortiz, Director of Cybersecurity at Cisco, stated that compromising a network is a multi-step process that requires careful execution.