Cisco warns that 500,000 routers and devices infected by hackers ahead of football Champions League final in Kiev, Ukraine

Olimpiyskiy National Sports Complex in Kiev, Ukraine

Cisco Systems warned yesterday that hackers have infected at least 500,000 routers and storage devices in dozens of countries with highly sophisticated malicious software. This is thought by Cisco to be in preparation for another massive cyber attack on Ukraine in a bid to disrupt the Champions League final in Kiev, capital of Ukraine.

The malware, which has been called VPNFilter by Cisco, could be used for espionage as well as to destroy the devices that it has infected.

Commenting on the report, Steve Giguere, lead EMEA engineer at Synopsys says: “There is every bit of evidence to suggest that the VPNFilter is targeted at the Ukraine. Elements of its character tie back to the same nation-state sponsored threat actor APT28 (Fancy Bear), that were connected to the disruptive malware NotPetya which ‘coincided’ with the Ukraine’s Constitution Day last year.

“With this weekend’s final, being a potentially larger international spectacle, this could be the 2018 version. As for whether it’s an attempt to de-stabilise the country, it comes as a bit of a 2-for-1 deal as its ability to ‘brick’ it’s host device could be an element that is deployed shortly after its primary task is either completed or at risk of failure.

It’s primary task is however, unknown. As it appears to be monitoring industrial Modbus SCADA protocols, perhaps the timing of the Champions League final is a distraction. Researchers are already making progress at shutting down the malware’s command and control centres, but, with such a widespread deployment it will be a race against time to see if it can be neutralised prior to initiating.”

Nation state surveillance or sabotage

This is borne out by Ashley Stephenson, CEO at Corero Network Security who adds, “Once again, a significant community of vulnerable devices is being pursued by hackers. We cannot know the hackers’ true motivation at this point or even if they are part of a single group but some of the reported capabilities of the observed exploits suggest more of a nation state surveillance or sabotage mission rather than commercially motivated data theft or DDoS.

“This report also highlights the increasing security industry attention being paid to botnet formation through observations of vulnerability scanning, honeypot exploit attempts, and C&C communication intercepts.” Stephenson adds, “We often know about potential threats earlier in their lifecycle, before the actual attacks are launched. Ironically, the cybersecurity community is relatively powerless to intervene before these weaponised IoTs are activated so we must continue to prepare our cyber defences and response strategies for future attacks.”

Comment on this article below or via Twitter: @IoTNow OR @jcIoTnow

Recent Articles

Phishing attacks increase 718% in Europe, says Allot research

Posted on: March 2, 2021

Allot Ltd., a global provider of network intelligence and security solutions for service providers and enterprises worldwide, has released its 2020 Europe Cyber Threat Report.

Read more

How 5G will turbocharge IoT growth

Posted on: March 2, 2021

5G is bringing new rich streaming services to the cell phone market, catering for massive increases in broadband use. At the same time, it is set to transform the IoT market, bringing both rich new data services as well as enabling huge new volumes of connected devices. While there is a natural limit to the

Read more