While “SYNful Knock” is the latest identified malware targeting Cisco devices running Cisco IOS, we have identified and investigated six other malware incidents during the last four years that target Cisco devices running Cisco IOS. The nature of threats is evolving and Cisco will continue to adapt technology delivering trustworthy solutions that our customers can rely on. This also means that customers will need to evolve, fully utilizing the security tools that are available, as well as ensuring security best practices are in place.
The malware used in these evolved Cisco IOS attacks show increasing levels of complexity in the type of modifications made to Cisco IOS, the behavior of its Command and Control (C&C) network (when present), and the platforms they target.
Before talking about specifics of each investigated malware incident, it is important to note that in all cases, no evidence has been found that attackers exploited a previously known or unknown vulnerability to install the malware. All available data points suggest either the use of compromised administrator credentials or physical access to the devices or images.
The following table and associated description provides a brief overview of the malware samples, as well as an overview of the actions that Cisco took in response to those findings. The source of this information is internal analysis performed by Cisco forensics teams.
Wi-Fi Calling, or voice over Wi-Fi (VoWiFi), is a setting that many people are currently using on their mobile devices, though some may be surprised to know that they’re even using it. The basic idea of how VoWiFi works is: instead of making phone calls over a cellular network, mobile devices chose a wireless network when that option is available.
In the past few years, the security industry has invested heavily in the detection and containment of attacks and breaches as a primary focus of innovation. To help protect Cisco, its customers, products, services and partners, we have embarked on a journey to build security and trust into every aspect of our business, including the culture of our workplace itself. The rapid evolution of the threat landscape has made this trust journey a necessity. Exploits are more frequent, better financed, more sophisticated and are causing more damage. Technology shifts like mobility and BYOD are the new normal and have resulted in more points of access for malware, resulting in a larger attack surface. In order to be more effective against the broad range of security threats, the industry must focus on foundational security being present in critical systems. By ensuring that trustworthiness is built into the technology, processes and policies involved in your IT systems, you can reduce risk and the attack surface while enabling more effective overall security.
Omkar Govil-Nair, son of Cisco employee Shubha Govil, shows off his OWatch at Maker Faire.
Sometimes, the apple doesn’t fall too far from the tree. That’s the case with 8-year-old Omkar Govil-Nair, whose mom, Shubha Govil, is a senior manager of products for the Cisco Collaboration Technology Group. Technology and tinkering with invention is something that the two of them share.
“Omkar was always interested in technology,” Shubha says. “He always wanted to see how things work and was coming up with new ideas. So for us as parents, it was about providing him support to make things happen.”
Omkar’s interests, however, were bigger than just learning about tech. As a fan of shows like MythBusters and Shark Tank, he became interested in building his own tech two years ago when he came across another young person’s project (then 12-year old-entrepreneur Quin Etnyre). Omkar had been attending Maker Faire since he was 4 (where he got to meet Etnyre) and got to see a lot of DIY technology and projects in action.
He wanted to take it further, and started learning Arduino (an open-source platform) from his dad.
He started with small projects and was so thrilled with the power of an open source platform like this that he wanted to share his projects with other kids and teach them how to make their own Arduino projects. This was the beginning of an idea that Shubha bought to Cisco by creating a program called DevNet Kids to teach Arduino programming and other such STEAM workshops (Science, Technology, Engineering, Arts and Math) to the children of other Cisco employees.
Susie Wee, VP, CTO Networking Experiences helped Shubha further these efforts by sponsoring the Arduino UNO kits needed for the DevNet workshops. Now, Omkar, Shubha and her husband Subhash host DevNet Kids workshops for about 20 kids once a month for Cisco employee families, and these classes are usually filled to capacity. Omkar also makes sure that the parents don’t do any of the work.
“Omkar’s guidance to parents in the workshop is to let the kids learn by trying and not jump in to help them out with the project,” Shubha says. “Him bringing this perspective is really important to make DevNet kids workshops a fun experience for the kids.”
Omkar and Shubha didn’t stop there. They wanted to get other kids involved so badly that the Govil-Nair family is now a group of entrepreneurs. Omkar’s site, www.IOT4KIDS.com is full of how-to code and projects, and he just this summer launched a kickstarter campaign where he created his OWN Arduino-compatible smart watch DIY kit for kids to get started with hands-on programming and 3D printing. Oh, and did we mention it was fully funded in 1 week?
Shubha and Omkar together at Maker Faire.
“It’s like a night job now for my husband and I,” Shubha says. “It’s amazing to see how excited people are, and I’m excited to have Cisco be a part of it.”
Omkar’s OWatch kit was a featured Maker project at the World Maker Faire in New York, and Omkar was also invited to speak at the Re: Make Conference both in September. He’s got partners already lined up to help bring his OWatch kit to more kids, and has captured the attention of some pretty fantastic tech leaders.
President of TinyCircuits Ken Burns called Omkar “the smartest 8-year-old” he’s ever met, and that he’ll have a “Great impact on teaching kids about science and engineering.”
We think that Omkar is going to be an innovation powerhouse, and we can’t wait what tech solutions he’ll bring to the world. We just hope he continues to partner with Cisco when he does it, so we can be a part of history with him!
Cisco recently started shipping the newest member to the UCS family – the storage-optimized UCSC3260 Rack Server. Data centers these days are bursting at the seams with unstructured data from new emerging applications and services. According to IDC, 80% of data is unstructured and continues to grow at a 16.2% CAGR. The ability for data centers to economically and rapidly ingest, index, analyze, and archive all this data is top of mind.
In early 2000 I co-authored a book with Peter Keen called “From .com to .Profit.” We got lucky as delays in the publishing process meant that the book published just days before the dot com crash. As a result of the timing, it received a lot of publicity and some media painted us as visionaries of the impending technology share price wipe out. However, the book was not about price-earnings ratios—everybody knew there would be a huge correction. It was an analysis of the different business value models offered by the dot com leaders and it offered a framework for which models would thrive and which ones would decline based on driving business value. Guess what – the same market correction is happening today, but with infrastructure in the cloud market. Let me explain.
A time traveler from 2000 to today might think it all looks incredibly familiar – a new breed of universe masters has emerged in the form of digital startups that are disrupting the established order. They’re fast, agile, cool organizations that will be immensely profitable one day. But rather than using infrastructure, they all run their businesses in the public cloud. Traditional IT is becoming increasingly irrelevant and digitization is becoming king. Owning assets? How very 2014! Why is this? When placing strategic bets on new ideas or new markets, organizations are better served using capital on innovation versus an IT expense. In essence, IT managers or line of business managers are better off investing in growth instead of costs, especially when they can get it on-demand and pay for it as they grow. Continue reading “Does Public Cloud Have to Be Public?”
Communities and countries of all sizes are in motion toward a digital future…and if not, they risk being left behind. This then begs the question, what does ‘digitize’ really mean? Certainly, there’s no instruction manual for the task. The roadmap features some identifiable landmarks—flagged by early pioneers—but there is still plenty of unchartered territory. In fact to navigate this rapidly changing landscape, we definitely have our work cut out for us, both in the developed and emerging parts of the world.
We frequently talk about all things becoming connected, but in reality, the majority of the global inhabitants are still faced with little to no Internet access, a disturbing fact when you consider the socio-economic benefits that technology affords. The digital divide is real. Despite the proliferation and rapid advancement of technology, many just are not receiving the benefits of the changes made in ICT.
However, an important tool in shedding light on the digital puzzle is the sharing of success stories and best practices. Sharing of experiences and expertise can open the discussion on how digital government can and should evolve. Using the power of the global community, the ever-increasing propagation of technology can begin to help digital countries develop faster and more efficiently through sharing and learning. And by bringing to light the stories of transformation, large and small, around the globe we hope to offer guidance and leadership to those embarked on the journey or planning a trip soon.
Where in the world is the digital citizen?
So how exactly do you separate fact from fiction and who is just presenting smoke and mirrors? Since the discussions concerning the digital shift began, there have been a number of myths and promises. With the growing numbers of examples to draw from, we are now in a much better position to assess the possible processes of digitization in a more realistic manner. And based on the experiences of the early-adopters, we can begin suggesting the steps that governments can take and/or avoid in planning their digital country strategy.
This week, our digital citizen is a jet setter. Think Carmen Sandiego circa 1990. First stop, the United Kingdom. The country is in its second phase of digitization planning, which includes efforts such as public sector development, accelerated cybersecurity innovation, and public-private initiatives like the British Innovation Gateway (BIG). Strategic investment to accelerate existing government goals for driving economic growth through high-tech innovation is helping the UK to becoming one of the top digitized countries in the world.
A quick trip over to the continent and our citizen is making the next stop in France. Drawing on a dynamic start-up culture, the reform-driven country plans to extract value from its efforts to enhance security, increase productivity, create jobs, and improve citizens’ lives through digitization. The Cisco Networking Academy program plans to open 1,500 additional academies and train upwards of 200,000 students in France, giving the French workforce the skills needed to accelerate the country’s digitization process. Not only is France expected to gain a GDP boost from 1-2 percent, this transformation will contribute to France’s overall global competitiveness by supporting job growth, education, cybersecurity, innovation and entrepreneurial initiatives.
We’re off again and on to India, where Smart City Bangalore is a prime example of a bottom-up digital country strategy, starting at the smart city level. Electronics City, in a newly developed area of Bangalore, is meant to be a model for smart cities, not just in India, but also around the world. Our citizen learns that for this, and for the 90+ other smart cities planned for India under the new government’s plan, its leaders are thinking about better ways to deliver citizen services and foster education initiatives to nurture the next-generation workforce. India is working toward a scalable blueprint on how to continue to be relevant in the rapidly evolving global environment.
And finally, we arrive in Singapore. While visiting, our citizen enjoys ubiquitous Internet connectivity—Singapore’s government has so far connected almost 99 percent of its residents to an ultra-high-speed network. Our citizen also can’t help but notice that Singapore is a bustling, world-class hub for modern business, enabled by the push for high technology adoption and by allowing innovation to flourish. In this year’s Global Information Technology Report, Singapore takes the top rank of the world’s most tech-savvy nations, recognizing the government’s successful promotion of innovative ICT and of providing online services to its citizens.
Well, we’re now approaching 2016, and while we might not have quite ended the traffic jam conundrum, the future of digital transformation in government is here and continues to build momentum. The answer is not a simple one, or a simple fix for technology alone. It is clear that digital transformation, at any level, will not happen overnight. However, it can be said that the future of digital success will rely on high collaboration and best practice sharing. Because amidst all the disruptive change that is due to come our way, governments must recognize they are not necessarily alone. Do’s and don’ts can and should be widely shared to point others on their digital journeys toward success.
Next Stop
Stay tuned for next Wednesday’s post to discover more information about cybersecurity and staying safe online in honor of #CyberAware month. And be sure to check back each week as we explore new themes, challenges and observations.
Additionally, you can click here and register now to get your questions answered on how to become the next digital community.
Finally, we invite you to be a part of the conversation by using the hashtag #WednesdayWalkabout and by following @CiscoGovt on Twitter. For more information and additional examples, visit our Smart+Connected Communities page and our Government page on Cisco.com. Enjoy the Wednesday walkabout!
Guest Blog by Igor Dayen, SP Product and Solutions Marketing
Carriers are continually challenged to deliver on the customer experience. One of the benefits of Cisco’s cBR-8 Evolved CCAP is the built-in telemetry, programmability, and DOCSIS 3.1 support of the platform. This makes it ideal for gigabit-speed access applications that demand both an automated and optimized cable access network.
With Software Defined Networking the cable operator can read information from the cable plant, make necessary decisions and then push an update back into the network. They can then decide on how conservative or how aggressive they want to be on adjusting the plant performance. Other tools such as a health check monitor that will validate performance, record a variety of statistics, and alert users when it sees something that is not a norm.
In addition, there are applications that enable management functions. Functions that today require human intervention can take place automatically – simplifying network operations and maximizing the customer experience.
Ask anyone who’s witnessed a match; rugby is one of the toughest sports in the world. But, as the National Rugby League (NRL) of Australia recently found out: running a
rugby league without a robust wireless network infrastructure can be even tougher.
Recently the NRL, which is the top rugby league in Australia and New Zealand, moved its league offices to Sydney. With its new headquarters, the league felt this was the right time to update their network infrastructure to fit its evolving needs. The NRL wanted create a new outbound call center to drive club membership and the ability to support a rapidly growing mobile workforce.
With a third of their 600 employees being mobile, the NRL felt it was important that their new solution allowed people to work from any location and have the same user experience as if they were in the NRL offices. In addition, they wanted only one vendor to provide the unified data center and communication solution. Continue reading “Cisco Tackles Australian Rugby League Networking Problems”
Wi-Fi Calling, or voice over Wi-Fi (VoWiFi), is a setting that many people are currently using on their mobile devices, though some may be surprised to know that they’re even using it. The basic idea of how VoWiFi works is: instead of making phone calls over a cellular network, mobile devices chose a wireless network when that option is available.
co-written with Richard Jacobik
Guest Blog by Igor Dayen, SP Product and Solutions Marketing
hest sports in the world. But, as the National Rugby League (NRL) of Australia recently found out: running a