Hackers have started to launch attacks on F5 BIG-IP networking devices. This comes as no surprise, especially since there has been a significant increase in both phishing scams and spam spikes during the COVID-19 period as hackers attempt to prey on stressed-out IT systems.
The attacks launched against these devices are reported to be malicious, with the hackers trying to steal important passwords from the devices. After investigation, it was concluded that these attacks were aimed at BIG-IP, a multi-purpose networking device manufactured by F5 Networks.
These devices are flexible and can be configured for various purposes, from firewalls to SSL middleware and access gateways. They are also among the most popular networking products in use and help support some of the world's largest and most sensitive networks, which is most likely why they were targeted.
Some networks that it supports include cloud computing data centers and even government networks. These devices are apparently so popular and powerful that 90% of the companies listed on the Fortune 50 list rely on their systems.
F5 Networks reported a vulnerability in its BIG-IP devices. Tracked as CVE-2020-5902, it would allow hackers to take full control of any unpatched system that could be accessed over the internet.
The vulnerability was so severe that it was given a severity score of 10, the maximum on the severity scale. This score indicates that the vulnerability is easy to exploit and doesn't require extensive coding skills or valid credentials.
With an increase in hacking attacks and phishing happening all over the world, it would only be a matter of time before hackers would figure out how to exploit this particular vulnerability. Even though various parties such as the US Cyber Command tried to warn system administrators to patch the BIG-IP devices, the attacks had already started.
What did the hackers try to do?
The attacks were malicious, and the hackers tried to invoke .JSP files using a traversal sequence, which allows them to read files and execute code. In doing so, they were hoping to read various files and dump out the encrypted admin passwords, settings, and more.
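The following is an added example, not from the original article or from F5: a defender-side check that scans web access logs for requests combining a traversal sequence with a .jsp target, the pattern described above. The log lines, paths and function names are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (hypothetical paths, documentation IPs).
SAMPLE_LOG = [
    '203.0.113.7 - - [06/Jul/2020:10:01:02 +0000] "GET /portal/login.jsp HTTP/1.1" 200 5120',
    '203.0.113.9 - - [06/Jul/2020:10:01:05 +0000] "GET /portal/login.jsp/../admin/export.jsp HTTP/1.1" 200 912',
    '198.51.100.4 - - [06/Jul/2020:10:02:11 +0000] "GET /portal/login.jsp/%2e%2e/admin/export.jsp HTTP/1.1" 200 877',
    '198.51.100.4 - - [06/Jul/2020:10:02:15 +0000] "GET /portal/login.jsp/%252e%252e/admin/export.jsp HTTP/1.1" 404 0',
    '192.0.2.33 - - [06/Jul/2020:10:03:40 +0000] "POST /portal/login.jsp/..;/admin/run.jsp HTTP/1.1" 200 64',
    '192.0.2.50 - - [06/Jul/2020:10:04:00 +0000] "GET /docs/release..notes.html HTTP/1.1" 200 300',
]

LINE_RE = re.compile(r'^(\S+) .*?"([A-Z]+) (\S+) HTTP/[\d.]+" (\d{3})')

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded dots (%252e) are exposed."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal_to_jsp(target):
    """True if the request path has a '..' segment and names a .jsp resource."""
    path = decode_fully(target.split("?", 1)[0]).replace("\\", "/")
    # Drop ';param' suffixes, which servlet containers ignore when resolving a segment.
    segments = [seg.split(";", 1)[0] for seg in path.split("/")]
    return ".." in segments and any(s.lower().endswith(".jsp") for s in segments)

def find_suspicious(lines):
    """Return (client_ip, method, target, status) for each flagged request."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if m and is_traversal_to_jsp(m.group(3)):
            hits.append((m.group(1), m.group(2), m.group(3), int(m.group(4))))
    return hits

if __name__ == "__main__":
    for ip, method, target, status in find_suspicious(SAMPLE_LOG):
        print(f"{ip} {method} {target} -> {status}")
```

Flagged requests that returned a 200 status deserve priority in triage, since the server answered them rather than rejecting them.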
Has this happened before?
The BIG-IP vulnerability is the type of security bug that hackers have been exploiting in other products for almost a year. Similar RCE bugs have been found in Citrix networking gateways, and hackers have been trying to gain entry into corporate networks, steal sensitive files, and even install ransomware.
A lot of these bugs have been crucial for ransomware gangs, and in many cases, they don't even exploit the bugs immediately. Instead, they plant backdoors and then come back after weeks or even months to monetize their access.
Examples of such ransomware gangs include Maze and Netwalker, which have been known to rely heavily on such bugs to attack some of the world's largest security.
Take steps to secure your data
In this case, there’s a need for organizations or companies to move towards securing their organizational data. There’s a need to be prepared for these sustained attacks and threats, as they’re only going to continue.
If your system admins are too stretched to respond to everything, or you don't have the budget for an entire security team, then maybe it's time to invest in a managed service provider that will help you remain vigilant against ongoing threats.