Thousands of customers imperiled after nation-state ransacks F5’s network

F5 Network Breach: A Critical Threat to BIG-IP Users

Customers position BIG-IP at the very edge of their networks for use as load balancers and firewalls, and for inspection and encryption of data passing into and out of networks. Given BIG-IP’s network position and its role in managing traffic for web servers, previous compromises have allowed adversaries to expand their access to other parts of an infected network. The recent breach of F5 Networks has raised concerns among BIG-IP users, as it poses an “imminent threat” to their networks.

Investigation and Response

F5 said that investigations by two outside intrusion-response firms, IOActive and NCC Group, have yet to find any evidence of supply-chain attacks. The company attached letters from these firms attesting that analyses of source code and the build pipeline uncovered no signs that a “threat actor modified or introduced any vulnerabilities into the in-scope items.” The firms also said they didn’t identify any evidence of critical vulnerabilities in the system. Investigators, who also included Mandiant and CrowdStrike, found no evidence that data from F5’s CRM, financial, support case management, or health systems was accessed.

The company released updates for its BIG-IP, F5OS, BIG-IQ, and APM products. CVE designations and other details are here. Two days ago, F5 rotated BIG-IP signing certificates, though there was no immediate confirmation that the move is in response to the breach. The US Cybersecurity and Infrastructure Security Agency has warned that federal agencies that rely on the appliance face an “imminent threat” from the thefts, which “pose an unacceptable risk.”

Recommended Actions

The UK’s National Cyber Security Centre issued a similar directive, emphasizing the need for emergency action. CISA has ordered all federal agencies it oversees to immediately take inventory of all BIG-IP devices in networks they run or in networks that outside providers run on their behalf. The agency went on to direct agencies to install the updates and follow a threat-hunting guide that F5 has also issued. BIG-IP users in private industry should do the same, as the breach poses a significant risk to their networks.
