Counterfeit versions of Cisco Catalyst 2960-X Series switches were discovered on an unnamed business network in 2019 after what it thought were authentic network switches failed following a software upgrade.

 

According to a report from F-Secure, the fake switches were designed to circumvent typical authentication procedures. F-Secure said that the counterfeit Cisco 2960-X units did not have any backdoor-like features. However, they employed various measures to fool security controls.

 

A previously undocumented vulnerability in a security component was fingered as responsible for allowing the devices Secure Boot restrictions to be bypassed.

 

“Counterfeit units such as these can be easily modified to introduce backdoors within an organization. We emphasize that this is not what happened in this instance, but the attack execution would be mostly identical, which is why we think it is important to highlight such issues,” Dmitry Janushkevich, a senior consultant with F-Secure Consulting’s hardware security team and lead author of the report said.

 

The F-Secure team believes that the motivation for producing the counterfeits was purely economic. This means that the company did not have their data exposed in the period although it could easily have been.

 

“In this instance, the motivation is purely economic as this is done just to sell counterfeit units for a profit. However, the techniques and opportunities are identical to attacks aimed at compromising the security of organizations,” Dmitry.

Also read:
– Cisco Webex Unveils Virtual Backgrounds As It Stays In The Competition
– Thinking About Video Call Security, See Cisco Webex Security Offerings
– Your Mask Is Fake! 3M Sues Amazon Third-Party Sellers For Selling Counterfeit N95 Masks

At the end of the day, the firm had absolutely no security where it thought it did. Attackers who had gained code execution via a network-based attack, for example, could have had an easier way to gain persistence, thus impacting the security of the whole organisation, according to Dmitry.

 

Cisco in its reaction to the F-Secure report had issued the following statement:

 

“Maintaining the integrity and high quality of Cisco products and services is a top priority for Cisco. Counterfeit products pose serious risks to network quality, performance, safety, and reliability.

 

“To protect our customers, Cisco actively monitors the global counterfeit market as well as implements a holistic and pervasive Value Chain Security Architecture comprised of various security controls to prevent counterfeiting.

 

“Cisco also has a Brand Protection team dedicated to detecting, deterring, and dismantling counterfeit activities. Combatting widespread counterfeiting and protecting intellectual property rights are sizeable challenges facing the entire technology industry.”

Cisco is tough on counterfeit products

Cisco has a reputation for going tough on counterfeiting. In April 2019, Cisco’s Brand Protection team in collaboration with the U.S. Customs and Border Protection seized over $626,880 worth of counterfeit Cisco products in a single day.

 

In December of the same year, the company also won an injunction requiring some manufacturers in China to stop selling counterfeit networking products. The injunction also required online markets like Amazon, Alibaba, and eBay to remove listings for fake Cisco-branded gear.

Also read:
– Hacked: Twitter Disables Accounts As Means Of Curtailing Bitcoin Scam
– Amazon To List Names And Addresses Of Sellers To Fight Counterfeiting
– Cisco Outlines Three Network Challenges That IT Can Help Overcome During The COVID-19 Pandemic

F-Secure lists some advice to help organisations avoid purchasing counterfeit devices. They are:

— buy all your devices from authorised resellers.
— introduce clear internal processes and policies in your procurement processes.
— ensure all the devices run the latest available software provided by authorised vendors.
— pay attention to the various physical differences between different units of the same product, even for the most subtle differences.

 

As for the companies that procured the counterfeit Cisco 2960-X units, the devices lost their primary function as a network switch after the installation of the software upgrade. However, the units were still accessible via the console according to F-Secure.

 

Reverting the software version also did not fix the problem.

 

For your daily dose of tech, lifestyle, and trending content, make sure to follow Plat4om on Twitter @Plat4omLive, on Instagram @Plat4om, on LinkedIn at Plat4om, and on Facebook at Plat4om. You can also email us at info@plat4om.com and join our channel on Telegram at Plat4om. Finally, don’t forget to subscribe to our YouTube channel HERE.