NCC Group providing ongoing threat intelligence on F5 Networks vulnerability
Our Research Intelligence Fusion Team (RIFT) is continually monitoring attempts to exploit the F5 Networks BIG-IP vulnerability. Keep up to date with the latest developments over at our Research Blog here.
Last week, a new vulnerability which could allow remote compromise of F5 Networks BIG-IP networking devices was disclosed.
The vulnerability was given a severity score of 10, which is the maximum on the CVSS (Common Vulnerability Scoring System) severity scale, meaning that it is easy to automate, can be used over the internet, and doesn't require valid credentials or advanced coding skills to take advantage of.
BIG-IP devices are popular networking devices which underpin many large and sensitive networks. These include government and military networks, internet service providers, cloud computing data centres and enterprise networks.
In the days following the initial disclosure, NCC Group’s Research Intelligence Fusion Team (RIFT) has closely monitored the vulnerability – setting up a honeypot to learn more about the behavior of threat actors.
Within a day of setting up the honeypot, the RIFT observed the first active exploitation and has continued to receive insight into further exploits carried out.
Commenting on this, Ollie Whitehouse, global CTO at NCC Group said: “F5 Networks deserves praise for disclosing the vulnerability and supporting their customers, but we estimate that between 4,500 and 5,000 organisations could still be at risk of exploitation as of Monday.
“We are continually monitoring and flagging any new and novel attempts to exploit this vulnerability through our honeypot and other intelligence activities, and we'd encourage any organisation to act now if they think they have been compromised.
"What this shows is the time between patching and exploitation is getting ever shorter. This requires organisations to have agility in order to be able to manage cyber risk in 2020."