Hackers Misuse a F5-Alarm Bug in Networking Equipment

Highlights:

• Over 8,000 devices are at risk of a destructive susceptibility in BIG-IP networking devices.

Any organization that uses networking apparatus from Seattle-based F5 Networks faced discourteous disruption during the July 4, 2020, holiday. Thus, a crucial vulnerability turned the holiday into a working day to fix the disruption caused. However, companies that ignored to patch their BIG-IP products may now face a larger issue.

Government agencies announced a vulnerability in the line of BIG-IP products that are sold by F5. These agencies include Cyber Command and the United States Computer Emergency Readiness Team. Government agencies suggested security professionals apply security patches and save networking equipment from hacking. However, security organizations say that F5 vulnerability is already in its wild phase. Thus, it’s already late for companies who didn’t protect their F5 equipment around the weekend.

The Head of the Cybersecurity and Infrastructure Security Agency, Chris Krebs, tweeted, “This is the pre-exploit window to patch slamming shut right in front of your eyes.” He also stated, “if you didn’t patch by this morning, assume compromised.”

The F5 vulnerability

A cybersecurity firm, Positive Technologies, first detected and disclosed the F5 vulnerability to Seattle-based F5 Networks. The F5 vulnerability damages BIG-IP devices, which are known as load balancers in large business grids. These BIG-IP devices are responsible for allocating traffic to several servers that introduce websites or applications. Positive Technologies caught this directory traversal bug and sounded an alarm for BIG-IP devices. Moreover, the F5 vulnerability was aggravated by a new virus that helps the hacker to run any program on the several devices that they select. For instance, hackers may steal the user’s data from a bank or may redirect and seize transactions made via the bank’s website.

Kevin Gennuso, a Cybersecurity Practitioner for a major American retailer, said, “This is probably one of the most impactful vulnerabilities I’ve seen in my 20-plus years of information security, because of its depth and breadth.”

Seriousness of F5 bug

F5 vulnerability needs more attention because it is easy to manipulate and offers several alternatives to hackers. A hacker may use an F5 bug to send traffic to a server or even insert nasty stuff into traffic to target more businesses or users. A Security Analyst at industrial control system security firm Dragos, Joe Slowik, said, “A sufficiently savvy actor would be able to do that.” However, “This gets really scary, really quickly,” he mentioned.

As per Positive Technologies, about 8,000 devices are affected worldwide. Researchers confirmed the number by using Shodan – the cyberspace search tool. Around 40% of those are in the US, 16% in China, and single digit percentage in more states across the globe.

Also, NCC Group, a security firm, stated in its blog, “exploitation attempts were seen on Sunday on their honeypots.” These are bait devices created to imitate susceptible machines to support the researcher’s study assailants. Few exploitation attempts were also recorded recently. This means that many organizations need to update BIG-IP devices and check them for exploitation.

Dragos’ Slowik said, “several organizations are going to come in after this weekend and be not in patching mode but incident response mode.”