FBI: Iranian Hackers Trying To Exploit Critical F5 BIG-IP Flaw

The FBI warns of Iranian hackers actively attempting to exploit an unauthenticated remote code execution flaw affecting F5 Big-IP application delivery controller (ADC) devices used by Fortune 500 firms, government agencies, and banks.

F5 Networks (F5) released security updates on July 3, 2020 to fix the critical F5 Big-IP ADC vulnerability tracked as CVE-2020-5902, which carries a 10/10 CVSSv3 rating.

The U.S. domestic intelligence and security service says in a Private Industry Notification (PIN) issued earlier this week that the Iran-sponsored hacking group has been trying to compromise vulnerable Big-IP ADC devices since early July 2020.

Successful attacks could lead to ransomware deployment

CISA also issued a warning last month confirming the active exploitation of CVE-2020-5902, including successful attacks against two organizations.

“As early as July 6, 2020, CISA has seen broad scanning activity for the presence of this vulnerability across federal departments and agencies—this activity is currently occurring as of the publication of this Alert,” CISA added.

The FBI says that after compromising an organization’s network, the Iranian state-backed threat actors may collect and steal sensitive information that could get into the hands of other hackers or of the Government of Iran.

Other outcomes of successful attacks include the deployment of ransomware on compromised networks and credential theft that can be leveraged to gain access to other network devices.

Previous activity linked to the same hacking group

The FBI PIN was issued because the agency’s analysis of the group’s previous activity points to future aggressive campaigns to exploit the CVE-2020-5902 vulnerability before organizations are able to patch vulnerable F5 Big-IP ADC devices.

According to the FBI, the same nation-state actors have been behind multiple campaigns since August 2019 designed to exploit vulnerable VPN appliances, including but not limited to Pulse Secure (CVE-2019-11510, CVE-2019-11539) [12] and Citrix ADC/Gateway (CVE-2019-19781).

This group’s attacks are known to have targeted US organizations from a wide range of industry sectors including local government, defense, finance, healthcare, information tech, and media.

The FBI is also warning private industry orgs that once their networks have been compromised by this group, patching the devices is not sufficient to deny the hackers access to previously hacked devices: the group also uses web shells to create persistent backdoors, and stolen credentials to regain access.

While on compromised networks, the threat actors make use of post-exploitation tools such as Mimikatz, Nmap, and others for internal network reconnaissance, and add new users to hacked systems.

The FBI PIN also provides indicators of compromise (IOCs) and Tactics, Techniques and Procedures (TTPs) to allow private industry orgs to identify signs of related malicious activity on their networks.

Detection and recovery measures

According to F5’s security advisory, any remaining unpatched devices are probably already compromised, so IT admins are advised to use F5’s CVE-2020-5902 IoC Detection Tool to scan for IOCs within their org’s environment.

CISA recommends that all orgs go through these steps while hunting for signs of CVE-2020-5902 exploitation:

• Quarantine or take offline potentially affected systems
• Collect and review artifacts such as running processes/services, unusual authentications, and recent network connections
• Deploy a CISA-created Snort signature to detect malicious activity (available in the alert under Detection Methods)

If evidence of CVE-2020-5902 exploitation is found, orgs are urged to promptly respond with recovery measures targeting all impacted devices by:

• Reimaging compromised hosts
• Provisioning new account credentials
• Limiting access to the management interface to the fullest extent possible
• Implementing network segmentation
