Counterfeit Cisco switches raise network security alarms

F-Secure details enterprise security threats posed by counterfeit network gear.

In a disconcerting event for IT security professionals, counterfeit versions of Cisco Catalyst 2960-X Series switches were discovered on an unnamed business network, and the fake gear was found to be designed to circumvent typical authentication procedures, according to a report from F-Secure.

F-Secure says its investigators found that while the counterfeit Cisco 2960-X units did not have any backdoor-like features, they did employ various measures to fool security controls. For example, one of the units exploited what F-Secure believes to be a previously undiscovered software vulnerability to undermine secure boot processes that provide protection against firmware tampering. 

"Counterfeit units such as these can be easily modified to introduce backdoors within an organization. We emphasize that this is not what happened in this instance, but the attack execution would be mostly identical, which is why we think it is important to highlight such issues," said Dmitry Janushkevich, a senior consultant with F-Secure Consulting's hardware security team and lead author of the report.

"In this instance the motivation is purely economic as this is done just to sell counterfeit units for a profit. However, the techniques and opportunities are identical to attacks aimed at compromising the security of organizations."

Still, in this case, the security functions were bypassed, weakening the security posture of the device. This could give attackers who have already gained code execution via a network-based attack, for example, an easier way to gain persistence, and therefore impact the security of the whole organization, Janushkevich said.
