Phlashing is more than theoretical: it's been demonstrated at conferences, like London's EUSecWest security conference...
in May 2008. You're correct to point out that there hasn't been a widespread outbreak in the wild. Nevertheless, enterprises should fortify devices to protect against this type of attack.
The best advice I can give you is to never connect the management interface of a device to a public network. Doing so invites trouble by making it possible for an attacker to upload non-authentic firmware. Ideally, such devices belong on their own private control network, accessible only to administrators with a legitimate need to configure the devices.
Dig Deeper on DDoS attack detection and prevention
Related Q&A from Mike Chapple
It's not possible to eradicate the risk of DoS attacks, but there are steps infosec pros can take to reduce their impact. Mike Chapple shares ...continue reading
The HHS OCR ruled that healthcare ransomware attacks are HIPAA violations, so these covered entities need to react according to the HHS's guidance. ...continue reading
HIPAA regulations incorporate NIST guidelines and standards, so do healthcare organizations need to be compliant with both? Expert Mike Chapple ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.