Cisco Blogs

Cisco Blog > Security

SYNful Knock: Protect Your Credentials, Protect Your Network

Interest in IT security has never been higher. So when a new type of attack comes along, it attracts the attention of our customers and others in the industry.

Earlier this week Cisco and Mandiant/Fireye released information about the so-called SYNful Knock malware found on Cisco networking devices. You can read my earlier blog on this subject here: SYNful Knock: Detecting and Mitigating Cisco IOS Software Attacks.

This attack isn’t caused by a problem or vulnerability with a Cisco product. It results from an attacker stealing administrative credentials or getting physical access to a networking device, allowing them to load a modified version of operating system software.

Just as technology advances, so too do the nature and sophistication of attacks. Although Mandiant’s research focuses on a specific piece of malware, we believe that it is an example of an evolution of attacks. Attackers are no longer focusing just on disruption, but on compromising credentials to launch an undetected and persistent attack.

For many years we’ve known that networking devices and their credentials are high-value targets for attackers. There has always been a need to protect them accordingly. This was something we reinforced last month in this security bulletin: Evolution in Attacks Against Cisco IOS Software Platforms

We know this is an important topic for our customers, so have created an on-demand webcast outlining how to detect and remediate this type of attack:


The webcast also continues the conversation about good operating procedures, like network hardening and monitoring, that can help prevent this type of attack. The resources it describes can also be found on our Event Response Page.

If you have any additional questions about SYNful Knock, including how we can help implement some of these recommendations, please speak with your Cisco account manager.

If you are experiencing immediate technical challenges and require support, the Cisco Technical Assistance Center (TAC) is here to help.

And if you’re a member of the press with questions, please contact my PR friends at

Tags: , , , , ,

Top of Mind: Cybercrime–This Time It’s Personal

The axiom “Quality, not quantity” has been adopted by everyone from stock pickers to those trying to successfully navigate the online dating scene. Now cybercriminals are also putting this philosophy to practice.

The fundamental shift away from mass spam attacks to more targeted threats with potentially bigger payoffs is top of mind to me. This trend is detailed in a new report by Cisco’s Security Intelligence Operation (SIO).

Specifically on the issue of spam, Cisco’s research reveals that mass spam volumes dropped from 300 billion daily spam messages to 40 billion between June 2010 and June 2011. Although 40 billion is still a huge number, signifying that spam is still an issue, the trend that’s most alarming is the threefold increase in spearphishing and the fourfold increase in personalized scams and malicious attacks such as malware.

Read More »

Tags: , , , , , ,