This seems like such a non-event because what is the exploit path to load the image? There needs to be a primary exploit to load the malware image.
Hmmm. Get a job servicing/installing data centre HVAC systems, wait until you get called out to a mostly empty data center, lift some floor tiles or change a flash with tongs through a wire cage, or whatever. Maybe make some "fog" in the room to block the security cameras while you do your work. Maybe bribe the security guard to look the other way, or just bribe the NOC employees. There are hundreds of ways for a primary exploit to happen. The Internet data center may not be the primary target of the people who try these things, i.e. Cisco's main customer base is the enterprise, not the ISP. The fact is that there are more and more reasons why someone would go to all the trouble of exploiting one or two routers in this way. Do you have the processes and systems to demonstrate that it has not happened already? --Michael Dillon