Hackers Use Flaw in Cisco Switches to Attack Critical Infrastructure

Attackers are taking aim at critical infrastructure in multiple countries by exploiting a software flaw in some Cisco switches that has been a point of concern for more than a year. According to a blog post issued April 5 by Cisco’s Talos security unit, the cyber-attacks are exploiting what Cisco officials are calling a “protocol misuse” situation in Cisco’s Smart Install Client, which is designed to enable the no-touch installation and deployment of new Cisco hardware, in particular Cisco switches. The Talos unit is blaming nation-states for the bulk of these attacks, saying they are similar to those detailed in a release last month by U.S. Cert that alleged hackers associated with the Russian government were targeting U.S. government agencies and organizations in such critical areas as nuclear, water, aviation, energy, commercial facilities and manufacturing.