CISA has issued a new alert indicating the existence of a live exploit that is actively putting edge firewall devices at risk. This escalation marks a significant increase in the risk faced by organizations with perimeter-based (firewall) defenses. It confirms that cybercriminals can successfully exploit these weaknesses in real-world environments, not just in theory (as described in past advisories about potential vulnerabilities). Consequently, the shift from theoretical risk to active threat means organizations relying on perimeter-based security must reassess their exposure and assume that attackers are already exploiting these weaknesses. The exploit is being used on a large scale and therefore poses a high risk of disruption. 

What the Alert Reveals 

In the advisory, CISA states that attackers are exploiting vulnerabilities in edge firewalls. Edge firewalls are meant to manage and control all network traffic entering and leaving the organization, and they are a major component of the organization’s security architecture. 

Once these edge firewalls are compromised, hackers have direct access to the internal network (and, from there, to any other systems on the network). Because of the CISA advisory, we now know that attackers are actively exploiting this access to gain network entry, circumvent traditional security controls, and establish an ongoing presence on an organization’s network. 

Firewalls Are High-Value Targets 

Edge firewalls sit at the boundary between an organization’s internal systems and the external network, making them a highly desirable target for cybercriminals seeking quick access to a network. 

Should an attacker successfully compromise a firewall, they can intercept data packets, manipulate the flow of information, and move from one area of the network to another. With this level of access, an attacker can carry out a wide range of malicious activities, including data theft and system disruption. 

Many organizations assume that firewalls are secure once deployed; however, they can become compromised due to outdated firmware, misconfiguration, and delayed patches, leaving organizations vulnerable to attack. 

Industry-Wide Immediate Risks 

Active exploits pose an immediate threat to organizations. After an attacker has compromised a device, they can do the following: 

1. Spread ransomware throughout an organization’s devices 

2. Exfiltrate sensitive information 

3. Disrupt critical services 

4. Establish long-term access to an organization’s network 

The urgency of this issue cannot be overstated. The latest CISA alert gives organizations the opportunity to act quickly to reduce their exposure and prevent a breach. 

Who is at greater risk? 

Although the threat of cyber-attacks is everywhere, there are certain types of organizations that are more susceptible to attack: 

  • Organizations that have out-of-date firewall software 
  • Organizations that have complex networks 
  • Organizations that don’t have any means to monitor their network continuously 
  • Organizations that don’t apply security patches, or apply them only long after they are recommended 

Cyber-attacks on infrastructure are escalating and growing in sophistication, with the primary focus on core systems rather than end-user devices, because core systems generally provide greater access and impact. 

Why This Threat Is Escalating 

The existence of a live firewall exploit signals that threat actors are taking a more strategic approach, targeting the systems that will provide them the greatest benefit at the least cost. 

Organizations must take immediate action in the following areas to mitigate today’s threat: 

1) Apply Security Patches Immediately 

Verify that all firewalls are running the latest firmware and patch levels. 

2) Conduct Configuration Reviews 

Inspect firewall configurations and settings to find and fix any weaknesses. 

3) Implement Continuous Monitoring 

Use monitoring tools to detect and respond to unusual activity. 

4) Strengthen Access Controls 

Limit user access to critical systems and implement strong authentication mechanisms for all users. 

5) Establish Incident Response Plans 

Prepare your teams to respond appropriately to potential attacks. 

This reflects a broader trend in cybersecurity, in which attackers increasingly exploit vulnerabilities at the infrastructure level and target the increasingly complex technologies that organizations use to protect their networks. 

Conclusion 

The need for a layered security approach has become more evident amid the current trend of higher-frequency, increasingly sophisticated attacks on network infrastructure. Experts predict the number of cyberattacks on network infrastructure will continue to rise and grow in complexity. As a result, companies will need to adapt by implementing more robust, flexible security programs to combat these newer forms of attack.

Source: An official website of the U.S. Department of Homeland Security 
