Update: 20th September 2015: As discussed in a more recent blog post, attackers are now re-imaging Cisco networking devices with modified IOS firmware in order to take control of your networking equipment. These devices can then be used for possible further attacks within your network (among other malicious actions).
The first type of attack using this technique has been called “SYNful Knock”. Details including how to detect, mitigate and recover from this attack are provided in the blog post linked above.
Earlier this month Cisco issued a security bulletin to notify its customers of an evolution in the way that attackers compromise corporate networking devices. After obtaining access to the devices (either physical access or administrative privileges gained by other means) an attacker can then use the standard means of field upgrading the built-in firmware of a device to install a modified image.
Why Should These Issues Be Considered Important?
With the attacker-modified version of the firmware installed on the Cisco networking devices, the attackers can manipulate the device’s behavior and settings. In addition, since the code is installed in the firmware of the device, it persists across a reboot of the device, which makes removal of the modified firmware far more difficult.
How Can I Protect Myself From These Issues?
Since no vulnerability is used to install unauthorized firmware updates, Cisco has provided extensive guidance within their security bulletin to harden the devices against this and other attacks. Please follow the guidance to harden your Cisco IOS devices against these more persistent attacks (advice on removing such threats if your firmware has already been compromised is also provided).
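One check that follows from the above is to compare the hash of the IOS image actually present on each device against the hash the vendor publishes for that image. The script below is an added example, not code from the original post or from Cisco: it parses captured output of the IOS `verify /md5` command (the sample output, image names and hash values are constructed placeholders) and flags images whose digest does not match a known-good allow-list.

```python
import re

# Constructed sample of what `verify /md5 flash:<image>` prints on IOS.
# Image names and hashes are placeholders, not real Cisco values.
SAMPLE_OUTPUT = """\
Router#verify /md5 flash:c2900-universalk9-mz.SPA.bin
.....................Done!
verify /md5 (flash:c2900-universalk9-mz.SPA.bin) = 0123456789abcdef0123456789abcdef
Router#verify /md5 flash:c2900-universalk9-mz.SPA.old.bin
.....................Done!
verify /md5 (flash:c2900-universalk9-mz.SPA.old.bin) = ffffffffffffffffffffffffffffffff
"""

# Allow-list keyed by image file name. Populate it from the hashes the vendor
# publishes for each image; the values here are constructed placeholders.
KNOWN_GOOD = {
    "c2900-universalk9-mz.SPA.bin": "0123456789abcdef0123456789abcdef",
    "c2900-universalk9-mz.SPA.old.bin": "00000000000000000000000000000000",
}

# Matches the result line; the optional "flash:"/"disk0:" prefix is dropped.
VERIFY_RE = re.compile(r"verify /md5 \((?:\w+:)?([^)]+)\) = ([0-9a-fA-F]{32})")


def parse_verify_output(text):
    """Return {image_name: md5} from captured IOS 'verify /md5' output."""
    return {m.group(1): m.group(2).lower() for m in VERIFY_RE.finditer(text)}


def check_images(observed, known_good):
    """Compare observed hashes to the allow-list and return a list of findings.

    Note: a re-imaged device may report whatever the modified firmware wants,
    so treat this as one signal and verify copies of the image offline too.
    """
    findings = []
    for image, digest in observed.items():
        expected = known_good.get(image)
        if expected is None:
            findings.append((image, "unknown image: not in vendor allow-list"))
        elif digest != expected.lower():
            findings.append((image, "hash mismatch: image may have been re-flashed"))
    return findings


if __name__ == "__main__":
    for image, msg in check_images(parse_verify_output(SAMPLE_OUTPUT), KNOWN_GOOD):
        print(f"{image}: {msg}")
```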