Hackers Are Trying To Steal Admin Passwords From F5 BIG-IP Devices
Posted on 07/08/2020 11:22:32 AM PDT by Enlightened1
Hackers have started launching attacks against F5 BIG-IP networking devices, ZDNet has learned.
Attacks have been spotted today by Rich Warren, a security researcher for the NCC Group.
In an interview earlier today, Warren told ZDNet the attacks are malicious in nature, and hackers are attempting to steal administrator passwords from the hacked devices.
These attacks are targeting BIG-IP, a multi-purpose networking device manufactured by F5 Networks. BIG-IP devices can be configured to work as traffic shaping systems, load balancers, firewalls, access gateways, rate limiters, or SSL middleware.
These devices are some of the most popular networking products in use today, and they are used to underpin some of the largest and most sensitive networks around.
BIG-IP devices are used in government networks, on the networks of internet service providers, inside cloud computing data centers, and they're widely deployed across enterprise networks.
The devices are so powerful and popular that on its website, F5 claims that 48 of the 50 companies included in the Fortune 50 list rely on BIG-IP systems.
On Wednesday, F5 Networks published patches and released a security advisory about a "remote code execution" vulnerability in BIG-IP devices.
F5 said the vulnerability, tracked as CVE-2020-5902, could allow attackers to take full control over unpatched systems that are accessible on the internet.
The vulnerability was deemed so dangerous that it received a severity score of 10, the maximum on the CVSSv3 scale. This score means the vulnerability is easy to exploit and automate, can be used over the internet, and doesn't require valid credentials or advanced coding skills to take advantage of.
(Excerpt) Read more at zdnet.com ...
I spent a good number of years deploying Cisco VoIP systems, routers, switches, call managers, phones, etc. to some of the largest companies in America; many of the networks were worldwide...
I have often wondered if you could hack into some of the key access points of these networks and capture IP phone traffic. Much of it is in the clear and not encrypted; you could basically listen in on the phone conversations of just about anyone...
I have never worked with a BIG-IP device, but when they mentioned traffic shaping in the article, that indicates to me they are used in QoS, which is essential for VoIP to work consistently...
I suspect those seeking administrator access are either kids doing it for fun or sophisticated hackers looking to basically tap into phone conversations at major companies...
It could be for nefarious reasons, but let's say you hacked into Goldman Sachs or some other Wall Street firm and listened in on conversations about M&A or initial stock offerings... you would have a huge advantage...
Along the way, some engineer knew something... did s/he keep quiet, or was s/he ignored?
“Oh btw, let’s not forget about the possibility of this particular vulnerability...”
I am not buying the story. I think it's an excuse to get everyone away from passwords to bio tech passwords (meaning eyes, fingerprints, voice, Face ID).
“I have often wondered if you could hack into some of the key access points of these networks and capture IP phone traffic. Much of it is in the clear and not encrypted; you could basically listen in on the phone conversations of just about anyone...”
My understanding is the Intelligence Agencies can already do that.
I suspect it is the Chinese.
Thanks for the heads up.
“Beginning in May 2019, the group began expanding from South Korean digital heists in a big way, attacking online retailers in the United States and Europe with a technique known as digital skimming or Magecart, the latter name derived from a hacking consortium that began targeting online shopping carts in 2015.
Digital skimming is the virtual version of the mechanical skimmers thieves have been known to plant on gas pumps and other easily accessible credit card swipers. In a digital skimming attack, the hackers plant malware code in an online retail site that intercepts transactions and sends the credit card information to a server controlled by the hackers.
Planting this code is generally thought to require administrative access to the targeted website, which Sansec believes APT Lazarus/HIDDEN COBRA obtained using spear-phishing techniques, i.e., using phony emails and booby-trapped websites to trick legitimate users into giving away their login names and passwords.”
For the Tech Pinglist
The various intelligence agencies do work with the major Tier One Internet providers like AT&T, Verizon, Level 3, etc., and do have taps into their major hubs and can capture anything they want...
But I'm talking about targeted intelligence gathering on a handful of companies, for either terrorist reasons or some type of scam to make money... Like I said, if you knew what the top money managers at Goldman Sachs were talking about in real time, how valuable might that be?