Mr. Michael Sikorski, CTO and Head of Threat Intelligence for Unit 42 at Palo Alto Networks
Unit 42 is tracking F5’s disclosure of long-term persistent access by nation-state actors. The theft of BIG-IP source code and previously undisclosed vulnerabilities by a nation-state actor is significant as it potentially facilitates rapid exploitation of vulnerabilities.
“Generally, if an attacker steals source code it takes time to find exploitable issues. In this case, they also stole information on undisclosed vulnerabilities that F5 was actively working to patch. This provides the ability for threat actors to exploit vulnerabilities that have no public patch, potentially increasing speed to exploit creation. The disclosure of 45 vulnerabilities in this quarter vs. just 6 last quarter suggests F5 is moving as fast as they can to actively patch these stolen flaws before the threat actors can exploit them.
“F5’s prompt disclosure and mitigation guidance are crucial first steps. The top priority for any organization using F5 BIG-IP is to implement mitigation and hardening guidance without delay and begin threat hunting activities immediately.
“This underscores the need for a defense-in-depth strategy in the face of unknown, emerging and previously identified vulnerabilities.”