The CyberRisk Summit is back: Join us on Dec 6. as we recap the cyber risk landscape in 2022 | Get free ticket >> 

Live webinar, Oct 13: Attend to learn how you can deduplicate vulnerability and deliver a smarter approach to cyber risk management  | Register  >>

New report: Mapping MITRE ATT&CK framework to CVEs |  Read more  >>

Perspectives

Cisco End-of-Life threat and more: first officer's log - week 17

Known exploited vulnerabilities, the rise of deep fakes, and threats lurking in Cisco end of life products. Here's the latest in cyber risk.

Mike Parkin | September 19, 2022

First Officer’s log, Terrestrial date, 20220919. Officer of the Deck reporting.  

Ongoing communications from the mission team on [REDACTED] have shown steady progress, but the project has been running into more and more unexpected complexity. Though, in hindsight, we should have expected at least this much of a challenge. 

The people of [REDACTED] are technically advanced, but they lacked the specific technological skills to develop their planetary defense system on their own. Their culture emphasizes harmonizing with nature and a focus on the arts, which leaves them ill-prepared to deal with hostile alien forces. Recognizing their own limitations, they wisely looked to other off-world resources to create their defense system.

Unfortunately, they acquired various parts of the system from multiple sources, rather than settling on one who could at least try and integrate them all. For example, the first line of defense, their orbital shield, was obtained from the [REDACTED] who are known for their technical skill and unfailing logic. While quite effective, it is also quite finicky and expects the operators to adhere to the same convoluted logic its designers used but that no one else can follow. 

In a similar vein, their point defense system is highly effective against anything that gets in range, but having been designed by the [REDACTED], a warrior culture to its core, it tends to be overly aggressive and has more than once blocked allied craft from landing. Naturally, it doesn’t speak the same language as the orbital shield, so getting them to work together has been problematic. 

Perhaps worse, their integrated traffic control system was sourced from the [REDACTED] and appears to itself be cobbled together from components salvaged or stolen from other races. Which, to be fair, is perfectly in line with the reputation [REDACTED] has gained. 

At least it was cheap. 

And, naturally, none of these systems use the same interface or really speak the same language. But that’s where we come in. 

Lieutenant [REDACTED] and her team have their work cut out for them, though this is exactly the kind of mission we do best.  

I saw it, so it must be real, and other problems 

What happened 

IT teams are facing multiple challenges from an increase of professionals reaching the point of burnout, to the recent rise of deep fakes and threat actors starting to leverage that technology in new and exciting ways. For a given value of “new and exciting.” 

Why it matters 

Deep Fakes have been gaining in sophistication, reaching the point where casual observers often can’t tell the difference between real and virtual sources. threat actors have already recognized this, and we can expect them to use it more going forward. This will be especially troublesome with social engineering attacks, where deepfake technology could help them impersonate someone the target trusts. 

What they said  

There's nothing fake about the attention this story's been getting. Read more.

No security fixes for Cisco End-of-Life routers

What happened 

Cisco has announced that they will not be updating the firmware on a series of older Small Business routers, including the RV110W, RV130, RV130W and RV215W models, to address a vulnerability in the router’s IPSec VPN server. The reason being these routers are a decade old and have reached End-of-Life in Cisco’s product lineup. 

Why it matters  

Maintaining old kit can be problematic, especially when the manufacturer has dropped it from their line and declared it End-of-Life. And that’s to be expected. They’re always developing new kit and, at some point, it doesn’t make sense for them to do any further development for the old. Even if that means leaving vulnerabilities unpatched on said old kit.  

In some cases, if there is open firmware, someone will develop an alternative and keep that in service, which was quite common for several home class Wi-Fi systems for example. But for business grade kit, not so much. Of course, given the new systems are often faster, more robust, and include more features, it’s usually worth upgrading long before the old gear becomes completely obsolete. 

The challenge here is that not only are a lot of these Cisco End-of-Life products still in service, but you can still buy them through various vendors. And that is a real problem. The people who’re apt to buy a decade-old refurbished Small Business router are probably not the people who are reading cybersecurity notifications about new bugs not being corrected on the old kit they just purchased. 

What they said 

cisco end of life

The products may have reached End-of-Life, but this story is only just starting to walk. Read more.

 

And the list keeps growing

What happened 

The Cybersecurity and Infrastructure Security Agency (CISA) has added another 12 vulnerabilities to their Known Exploited Vulnerabilities Catalog, including bugs in Google Chrome and end-of-life D-Link routers.  

Why it matters  

While some organizations are required to follow CISA guidance, it’s sound advice for any organization that cares about security. And we all care about security, right? CISA’s list has been growing fairly quickly this year compared to years past. The “why” isn’t especially important. What is important is that keeping ahead of the attackers matters more than ever, and if something appears on this list it should be taken care of sooner rather than later.  

What they said  

New entries to CISA's list are always important to keep track of. Thankfully, there's been plenty of coverage.

___________________________________________________________________________________________________________________________

Want to get ahead of the stories? Join the conversations as they happen with the Vulcan Cyber community Slack channel