When I first came across the name BadCandy, I thought it was a joke. It is not. It’s a serious malware campaign that is aggressively targeting Cisco networking devices. Australia’s cyber agency (ACSC) recently revealed that many Cisco routers and switches that have not been patched are having BadCandy installed on them.
If you have a Cisco device at work or home, you should take notice - this infection will compromise your data and allow hackers to have access to your systems.
What’s Going on with BadCandy
According to the ACSC, BadCandy attacks unpatched or legacy Cisco routers and switches. The infection leaves malware hidden on the device that is designed to give hackers remote access to it and control over it.
Here are some of the things hackers will be able to do if they get access to your Cisco device:
• Steal passwords and other data.
• Change router settings to spy on you or your users.
• Maintain a backdoor even after you reinstall or factory reset your router or switch.
Does this sound frightening? It should, because the malware does not attack just once: it stays hidden and attempts to infect your system again.
Why Hackers Target Cisco Devices
Look around you: there is probably a Cisco device somewhere nearby, now or in the past. Cisco devices are everywhere, in businesses, schools, and even small home networks, which also makes them a major target for hackers. Most people don't update the firmware (the built-in software) on their Cisco devices, especially while the device is working and the company has other things to do.
That is exactly what hackers are waiting for: Cisco devices running outdated firmware with known, unpatched vulnerabilities. Hackers have no need to create 'new' hacks when users continue to run outdated firmware.
I will admit, I was one of those people who would put off firmware updates because I didn’t want to mess with my setup. But after having one of my routers hacked years ago and the hassle of rebuilding the router's configuration afterwards, I will never put off firmware updates ever again!
How to Protect Your Cisco Devices
The reassuring part is that you can protect your Cisco devices with a few steps.
1. Update your firmware: download and apply the latest firmware patches from Cisco.
2. Check your logs: watch for strange connections or unfamiliar IPs.
3. Change your passwords: simple passwords like "admin123" are low-hanging fruit for hackers.
4. Turn off unnecessary ports and services: fewer access points to your device mean less risk.
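As an added illustration of step 2, and not code from the original post or from the ACSC advisory, the Python script below runs a simple review over a few constructed log lines written in the style of Cisco IOS login and configuration-change syslog messages. The hostname, the addresses and the management allowlist (10.0.10.0/24) are assumptions; the script flags successful logins and config changes from outside that allowlist, and repeated failed logins from one source.

```python
import re
import ipaddress
from collections import Counter

# Constructed sample log lines in the style of Cisco IOS %SEC_LOGIN and
# %SYS-5-CONFIG_I messages (not taken from any real device).
SAMPLE_LOGS = """\
Nov  3 10:15:01 core-rtr 1001: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: netops] [Source: 10.0.10.5] [localport: 22] at 10:15:01 UTC Mon Nov 3 2025
Nov  3 10:17:44 core-rtr 1002: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 198.51.100.7] [localport: 22] [Reason: Login Authentication Failed] at 10:17:44 UTC Mon Nov 3 2025
Nov  3 10:17:49 core-rtr 1003: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 198.51.100.7] [localport: 22] [Reason: Login Authentication Failed] at 10:17:49 UTC Mon Nov 3 2025
Nov  3 10:17:55 core-rtr 1004: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: cisco] [Source: 198.51.100.7] [localport: 22] [Reason: Login Authentication Failed] at 10:17:55 UTC Mon Nov 3 2025
Nov  3 10:18:02 core-rtr 1005: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: admin] [Source: 198.51.100.7] [localport: 22] at 10:18:02 UTC Mon Nov 3 2025
Nov  3 10:20:10 core-rtr 1006: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (198.51.100.7)
"""

# Assumed management allowlist: only these networks should ever log in
# or change the configuration.
MGMT_ALLOWLIST = [ipaddress.ip_network("10.0.10.0/24")]

# Pull the outcome, user and source address out of a login message.
LOGIN_RE = re.compile(
    r"%SEC_LOGIN-\d-(?P<kind>LOGIN_SUCCESS|LOGIN_FAILED).*?"
    r"\[user: (?P<user>[^\]]+)\].*?\[Source: (?P<src>[\d.]+)\]"
)
# Pull the user and source address out of a configuration-change message.
CONFIG_RE = re.compile(
    r"%SYS-5-CONFIG_I: Configured from \S+ by (?P<user>\S+) on \S+ \((?P<src>[\d.]+)\)"
)


def is_allowed(ip):
    """True if the address belongs to one of the management networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in MGMT_ALLOWLIST)


def review_logins(log_text, fail_threshold=3):
    """Return (finding, source_ip, user) tuples for lines worth a closer look."""
    findings = []
    failures = Counter()
    for line in log_text.splitlines():
        m = LOGIN_RE.search(line)
        if m:
            src, user, kind = m["src"], m["user"], m["kind"]
            if kind == "LOGIN_FAILED":
                failures[src] += 1
                # Report once when a source reaches the failure threshold.
                if failures[src] == fail_threshold:
                    findings.append(("repeated_failures", src, user))
            elif not is_allowed(src):
                findings.append(("success_from_unknown_ip", src, user))
            continue
        m = CONFIG_RE.search(line)
        if m and not is_allowed(m["src"]):
            findings.append(("config_change_from_unknown_ip", m["src"], m["user"]))
    return findings


if __name__ == "__main__":
    for finding in review_logins(SAMPLE_LOGS):
        print(finding)
```

On the constructed sample the script reports three findings: the source reaching three failed logins, the subsequent successful login from that same unknown address, and the configuration change it made. A real review would feed the output of a syslog collector into the same function rather than an embedded string; the point is that an allowlist of management networks turns a wall of log lines into a short list of events to check.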
Closing Thoughts
BadCandy is gaining traction because a sizable number of Cisco devices have not been patched. The positive aspect is that you can prevent it on your network by keeping your devices up to date and checking them consistently.