On the heels of the Microsoft Exchange vulnerability, F5 network also unveiled a flaw in their BIG-IP infrastructure. Cyber-attacks on businesses yet to patch the flaw are on the rise.
Earlier this month, F5 Networks announced a vulnerability in its BIG-IP infrastructure. Customers of the Seattle-based company use the BIG-IP servers to manage and monitor traffic, including load balancing, DDoS mitigation and web application security. A patch was released for the vulnerability, but, as is typical of these announcements, cybercriminals are scanning for and exploiting this vulnerability in the wild.
This is fast becoming an urgent matter as F5 provides enterprise services to companies like Facebook, Microsoft, Oracle and Fortune 500 companies including large financial institutions and ISPs. The problem is that this vulnerability was announced and patched right on the heels of the Microsoft Exchange vulnerability and patch release. Many companies were incredibly focused on the first, so when the second announcement arrived in the middle of it all, it got pushed to the side. That’s not to say it wasn’t a priority, it was too much for security teams to handle at once. Unfortunately, now businesses are in a do-or-die situation.
A Twitter post shared by researchers at NCC Group, a security firm, said that they are “seeing full-chain exploitation” of the vulnerability, which allows remote attackers to execute commands on BIG-IP devices without credentials. “After seeing lots of broken exploits and failed attempts, we are now seeing successful in the wild exploitation of this vulnerability, as of this morning,” Rich Warren, Principal Security Consultant at NCC Group and co-author of the blog wrote.
He continued, “The attackers are hitting multiple honeypots in different regions, suggesting that there is no specific targeting. It is more likely that they are ‘spraying’ attempts across the internet, in the hope that they can exploit the vulnerability before organizations have a chance to patch it.”
For a long time, we have said that patching vulnerabilities is a top priority. Security is a priority. Fixing these problems cannot wait because hackers and attackers aren’t going to wait. We’ve indicated that threat actors attack indiscriminately, that the size of your business doesn’t matter, they’ll take whatever they can get. After the Microsoft Exchange vulnerability announcement, there was an immediate attack, and it wasn’t pretty. We’re still working out the ramifications and may never know the full impact, similar to the SolarWinds hack.
The increase in activity around this issue is an indication that this type of activity after a vulnerability announcement isn’t going to go anywhere. There will continue to be a flurry of attempted exploits, some of them sure to be successful, after every vulnerability announcement. Because attackers know that businesses can’t keep up, they know that security was viewed as an afterthought in the past, that businesses don’t have the resources they need to stay on top of every piece of technology they employ.
Now is not the time to wait. Cyberattacks are not going anywhere, especially as we continue to work remotely and attend virtual events. Now is the time to ensure your business’ security is top-notch, that your “i”s are dotted and your “t”s are crossed. No business is exempt from these attacks, if you have a web presence with data stored, you’re a potential target. If your team can’t keep up, it’s okay to bring in an expert to consult and help streamline processes. It’s recommended to hire an expert to review your security in general, mostly because an outside set of eyes is more likely to see things your internal team would miss. This is a vital piece of your business’ survival. Make sure you get it right!