Hardware security after ransomware attack

ChrisPret
Level 1

A friend of mine recently donated an SG200-50 switch to me that his company insisted on throwing out after a ransomware attack crippled their business.

Is there any way for me to check that the switch is actually safe to use? It is going to be used in a small office, but we frequently log into customer sites via remote desktop, VPN, etc., so I don't want to take any undue risks.

4 Replies

Leo Laohoo
Hall of Fame
That is just a switch.
Ransomware can hit anywhere in the network. It doesn't mean the switch is the egress.
There is no way to determine what really happened unless the real story is explained.

My question is more about the actual switch. Is there any significant risk in using it in a new network? I've done a lot of research online but can't find anything that clearly states if it is possible to rootkit that model and leave a backdoor.


@ChrisPret wrote:

if it is possible to rootkit that model and leave a backdoor.


Security companies have been discovering hard-coded admin and/or root usernames in Cisco code for years. So yes, there are "backdoors".

But the question is this: If the security bulletin has been published, what are YOU doing about it? Did you update the firmware, as recommended? Are you using a strong set of passwords, as recommended?

The questions you are asking have been answered in the last 4 to 6 years (or more). It is all up to individual users if they want to get off the couch and do something or not.

Next thing to consider: The network is not always the egress for an attack. Petya and WannaCry(pt) came through an email attachment. The Mirai botnet comes from IP cameras and DVRs with bad code. Magecart is due to poor coding practices. Stuxnet came from an infected USB stick.

Yup, boot & firmware updated to latest version, strong password & unique admin username (as forced by firmware).

Thanks for your input, I’m probably just being paranoid because they decided to scrap the hardware rather than reuse it.