Cybersecurity leader RiskIQ released its Vulnerability Landscape report, a high-level view of critical vulnerabilities in 12 widely used remote access and perimeter devices. The findings show that the rapidly increasing adoption of these devices amid the COVID-19 pandemic is expanding digital attack surfaces outside the corporate firewall at incredible speed—and introducing a range of critical, rapidly proliferating vulnerabilities. Cybercriminals and nation-states are already taking advantage of these security flaws, including those in F5 Networks’ BIG-IP product and Cisco’s IOS XE devices, to attack organizations.
In the past, we have covered the company’s news regarding the proliferation of Covid-19 phishing attacks as well as a report describing attacks coming from adware, fleeceware and tax scams.
Recently, organizations have had to scramble to patch dangerous security flaws in dozens of remote access and perimeter devices. Already, there have been 18 high-to-critical vulnerabilities in these systems in 2020. The devices covered in the report include Palo Alto Global Protect, F5 BIG-IP, IBM WebSphere Application Server, Oracle WebLogic, Microsoft Remote Desktop Gateway, Citrix NetScaler Gateway, Citrix ADC, Cisco ASA & Firepower, Oracle iPlanet Web Server, and more.
The report taps the company’s Internet Intelligence Graph, a global network that absorbs internet data to map the billions of relationships between IP-connected devices worldwide. Researchers deployed this telemetry to find the total number of these 12 potentially vulnerable devices online across the world that RiskIQ systems observed between June 1, 2020, and today.
The total amount of potential vulnerabilities in the findings include:
- Palo Alto Global Protect – 61,869
- F5 Big-IP – 967,437
- IBM WebSphere Application Server – 7,496
- Oracle WebLogic – 14,563
- Microsoft Remote Desktop Gateway – 42,826
- Citrix NetScaler Gateway – 86,773
- Citrix ADC – 7,970
- Cisco ASA & Firepower – 1,982
- Oracle iPlanet Web Server 7.0 – 2,848
- SAP NetWeaver – 2,629
- Zoho Desktop Central – 1,988
- Citrix ShareFile – 2,766
“This data in this report gives us a unique glimpse of the new reality facing the enterprise in the post-COVID world, which is that network controls are coming up dangerously short,” said Lou Manousos, RiskIQ’s CEO. “These IP-connected assets aren’t in the purview of most security controls, and dangerous flaws like those found in Cisco, Microsoft, Citrix, and IBM products will continue to be incredibly common.”
Both the US and Australian governments have advised companies to immediately address these critical vulnerabilities, with US Cyber Command recommending that organizations patch both the F5 and PAN-OS vulnerabilities. Both the United States National Security Agency (NSA) and Australian Signals Directorate (ASD) have warned state-sponsored actors that leverage a broad swath of vulnerabilities to deploy web shell malware on vulnerable devices. By doing so, they gain a foothold into target organizations’ networks.
This Event has been called the BEST SHOW in 5 YEARS and the Best TECHNOLOGY EVENT of 2020.
2020 participants included: Amazon, Cisco, Google, IBM, ClearlyIP, Avaya, Vonage, 8×8, Comcast Business, BlueJeans, CoreDial, Dell, Edify, Epygi, FreeSWITCH, Fuze, Grandstream, Granite, Intrado, Frontier Business, Fujitsu, Jenne, West, Konftel, Intelisys, Martello, NetSapiens, OOMA, Oracle, OpenVox, Peerless Network, Phone Sentry, Phone.com, Poly, QuestBlue, RingByName, Sangoma, SingTel, SkySwitch, Spracht, Spectrum, Sprint, Tallac, Tech Data, Telarus, TCG, Teledynamics, Teli, Telinta, Telispire, Telstra, TransNexus, Unified Office, Vital PBX, VoIP Supply, Voxbone, VoIP.MS, Windstream, XCALY, XORCOM, Yealink, Yubox, and ZYCOO. Full List.
Join 8K others with $25B+ in IT buying power who plan 2021 budgets! Including 3,500+ resellers!
June 22-25, 2021, Miami, FL. Register now.