What’s new about the attack on 200,000 Cisco switches?

The last few days have not been the best for cybersecurity. The Iranian Ministry of Communications and Information Technologies reported that it, too, became a victim of a global cyber attack that compromised about 200,000 Cisco network switches that had not yet been patched against an exploit in the Smart Install protocol. The attackers showed the US flag on several screens, adding the warning “do not interfere in our elections”, but the attack was not focused on Iran: only 3,500 switches in that country fell victim to the exploit. More than 55,000 affected devices were in the US, according to the Minister of Information Technologies Mohammad Javad Azari Jahromi, and another 14,000 in China. The rest were located in Europe and India.

It has caught us as well.

Iran’s message came immediately after the Cisco Talos research team warned that there were “several incidents” around the world involving “certain advanced actors” aimed at switches using Smart Install. In November 2017 there was a jump in scanning, and in March and April its intensity only increased.

Damage to Iran may be minimal – Iran reported that it solved the problem in a few hours and did not lose any data. Nevertheless, the depth of the attack and its subtext are puzzling. If this was a warning about interference in the elections, then why did the hackers not focus on Russia? Russia is considered the main suspect in the case of interference in the Trump election. The protest looks somewhat random.

Whoever is responsible, these cyberattacks underline an old problem: many of the holes exploited in recent months were the result of past mistakes. These switches could have been patched in time to prevent the attack, but the slow response left the holes open. One day, network operators will start to move, patching holes and updating operating systems on time. But what has to happen for that?

