Counterfeit versions of the popular Cisco Catalyst switches were recently found to be designed to bypass or fool authentication processes, according to a new investigation. The issue highlights growing security concerns around imposter IT gear hitting the market.
But working with a certified partner can stop businesses from making such buying mistakes, according to US-based Cisco Gold partner Computex Technology Solutions.
“We don‘t run into this issue for our customers that buy through us and authorized distribution channels. However, we do run into clients that may have bought gray market stuff and the [gigabit interface converters] or some of the switches and equipment are counterfeits,” said Faisal Bhutto, president of cloud and cybersecurity for Computex.
A new report published Wednesday by F-Secure Corp., a cybersecurity firm based in Finland, examined two Cisco Catalyst 2960-X series switches that were brought to F-Secure by an IT company after discovering that their Cisco switches they purchased in 2019 stopped working after a software upgrade, a common issue with counterfeit gear.
F-Secure said that no “backdoors” were identified in the two switches, but since certain security functions were bypassed, the security posture of the device was weakened. ”This could allow attackers who have already gained code execution via a network-based attack, for example, an easier way to gain persistence, and therefore impact the security of the whole organization,” the authors of the report wrote.
In response to the report, a Cisco spokesperson said in a statement to CRN USA that maintaining the integrity and quality of Cisco products and services is a top priority for the tech giant. Certified partners, said Cisco, can and should be relied on to protect companies from buying fake products.
“Counterfeit products pose serious risks to network quality, performance, safety, and reliability. We recommend customers purchase Cisco products from Cisco or through an authorised partner to ensure customers get genuine and authorized Cisco products,” the Cisco spokesperson said.
Cisco said that it actively monitors the global counterfeit market and implements a “holistic and pervasive Value Chain Security Architecture comprised of various security controls to prevent counterfeiting” to protect customers. Additionally, the company has a Brand Protection team dedicated to detecting, deterring, and dismantling counterfeit activities. ”Combatting widespread counterfeiting and protecting intellectual property rights are sizable challenges facing the entire technology industry,” the Cisco spokesperson said.
Solution providers can help make sure customers understand the full value of a product, which can help a business avoid simply purchasing what they think they might need on their own, Computex‘s Bhutto said. The industry shift to software will also help cut down on the issue of fake networking gear, he added.
“As the [enterprise agreement] momentum continues and the dollars are more attached to software, the hardware alone isn‘t going to cut it, so this will help fix the issue,” he said. ”Imagine a client buying a Meraki counterfeit -- it’s a brick without a license!”
Cisco channel chief Oliver Tuszik in October said that the company was tightening the reins on partner procurement control as it fights against counterfeiters that are pushing registered channel partners out of deals and peddling fake Cisco products.
Tuszik said in a blog post at the time that he would protect partners and penalize fraudsters.
“I‘m pretty passionate on this topic because I believe our partners deserve us taking care of the bad guys,” Tuszik told CRN USA.