News -

NCC Group providing ongoing threat intelligence on F5 Networks vulnerability

Our Research Intelligence Fusion Team (RIFT) is continually monitoring attempts to exploit the F5 Networks BIG-IP vulnerability. Keep up to date with the latest developments over at our Research Blog here.

Last week, a new vulnerability which could allow remote compromise of F5 Networks BIG-IP networking devices was disclosed.

The vulnerability was given a severity score of 10, which is the maximum on the CVSS (Common Vulnerability Scoring System) severity scale, meaning that it is easy to automate, can be used over the internet, and doesn't require valid credentials or advanced coding skills to take advantage of.

BIG-IP devices are popular networking devices which underpin many large and sensitive networks. These include government and military networks, internet service providers, cloud computing data centres and enterprise networks.

In the days following the initial disclosure, NCC Group’s Research Intelligence Fusion Team (RIFT) has closely monitored the vulnerability – setting up a honeypot to learn more about the behavior of threat actors.

Within a day of setting up the honeypot, the RIFT observed the first active exploitation and has continued to receive insight into further exploits carried out.

Commenting on this, Ollie Whitehouse, global CTO at NCC Group said: “F5 Networks deserves praise for disclosing the vulnerability and supporting their customers, but we estimate that between 4,500 and 5,000 organisations could still be at risk of exploitation as of Monday.

“We are continually monitoring and flagging any new and novel attempts to exploit this vulnerability through our honeypot and other intelligence activities, and we'd encourage any organisation to act now if they think they have been compromised.

"What this shows is the time between patching and exploitation is getting ever shorter. This requires organisations to have agility in order to be able to manage cyber risk in 2020."

Keep up to date with the latest developments here. You can also take a look at our analysis into the root cause of the vulnerability here.

Topics

  • Technology, general

Contacts

NCC Group Press Office

Press contact All media enquires relating to NCC Group plc +44 7721577574

Related content

NCC Group Q1 Threat Report Update: Exploits publicly available for 29% of critical vulnerabilities discovered

Our threat intelligence from Q1 of this year revealed that, of the more than 4,400 vulnerabilities that were disclosed* between January and March 2021, 72% had no patches available.

Schrems II judgement – what does it mean for privacy and personal data in the UK and US?

In the latest news concerning how the personal data of people in the EU is transferred to the United States, the European Court of Justice has ruled that the protections afforded by the EU-US Privacy Shield are not adequate. In this article, we have simplified the case and decision to help you to understand the changes.

Research update: RM3 – Curiosities of the wildest banking malware

Recently, our Research and Intelligence Fusion Team (RIFT) published research findings on RM3, an advanced variant of the banking malware family known as Gozi, and uncovered Oceania as the top target for threat actor groups.

20 years of research at NCC Group

NCC Group’s research forms a big part our mission to make the world safer and more secure. Today, we’re taking the opportunity to look back and point you to some of the research we’ve published over the last 20 years, and shine a light on some of the great outputs we have been excited and proud to showcase over the last year.

Related events

Blackhat Euro Training : Mastering Container Securityv4 - Extended Edition

Event date 7 December 2020 – 10 December 2020

Location Virtual event