Storm⚡️Watch by GreyNoise Intelligence
This "Breaking News" edition of the Storm Watch podcast begins with the hosts introducing themselves and their guest, Mark from Censys. The hosts discuss the recent surge in activity around a new Cisco IOS vulnerability and the subsequent system implants. Censys has published a blog post on the topic and discovered that approximately 41,983 hosts had this implant installed, an increase of about 5,000 to 6,000 from the previous day.
The hosts discuss the unique nature of this implant, noting that it does not persist through reboots or maintenance. However, attackers can establish a more permanent foothold or entry point after the implant is installed and before the device is rebooted. The hosts also discuss the development of a scan profile for this vulnerability, which was facilitated by information provided by Talos in their blog post.
Then they discuss the distribution of the affected hosts, noting that they are spread across many different autonomous system organizations. They speculate that many of the affected systems are likely small businesses or residential users who received their devices from their Internet Service Providers (ISPs). The hosts also note that many different entities are scanning for this vulnerability, some of which are unknown, indicating that many people are opportunistically jumping on this issue.
The hosts conclude the podcast by discussing the severity of this vulnerability, noting that it provides top-tier, or "God mode," access to people's networks. They encourage listeners to stay informed and safe, and they express hope that they won't have to report on another breaking news issue before their next scheduled episode. Be sure to check out the GreyNoise blog for more details and updates on this active vulnerability.