Hackers are trying to steal admin passwords from F5 BIG-IP devices


Hackers have started launching attacks against F5 BIG-IP networking devices, ZDNet has learned.

Attacks have been spotted today by Rich Warren, a security researcher for the NCC Group.

In an interview earlier today, Warren told ZDNet the attacks are malicious in nature, and hackers are attempting to steal administrator passwords from the hacked devices.

Summary: BIG-IP and CVE-2020-5902

These attacks are targeting BIG-IP, a multi-purpose networking device manufactured by F5 Networks. BIG-IP devices can be configured to work as traffic shaping systems, load balancers, firewalls, access gateways, rate limiters, or SSL middleware.

These devices are some of the most popular networking products in use today, and they are used to underpin some of the largest and most sensitive networks around.

BIG-IP devices are used in government networks, on the networks of internet service providers, inside cloud computing data centers, and they’re widely deployed across enterprise networks.

The devices are so powerful and popular that on its website, F5 claims that 48 of the 50 companies included in the Fortune 50 list rely on BIG-IP systems.

On Wednesday, F5 Networks published patches and released a security advisory about a “remote code execution” vulnerability in BIG-IP devices.

F5 said the vulnerability, tracked as CVE-2020-5902, could allow attackers to take full control over unpatched systems that are accessible on the internet.

The vulnerability was deemed so dangerous that it received a 10 severity score, the maximum on the CVSSv3 severity scale. This score means the vulnerability is easy to exploit and automate, can be used over the internet, and doesn’t require valid credentials or advanced coding skills to take advantage of.

Exploitation attempts started after three days

The cyber-security community expected that this bug would come under active attacks as soon as hackers figured out how they could exploit it.

Since Wednesday, when the bug became public, cyber-security experts have been trying to raise the alarm about the urgent need to patch it without any delay, as any successful attack would grant threat actors full access to some of the world’s most important IT networks.

Their efforts to raise attention to this issue were helped by US Cyber Command, which shared the same fear and, on Friday night, just hours before July 4th, asked system administrators to take the time to patch BIG-IP devices.

According to Warren, those attacks began just hours after the US Cyber Command tweet. Warren, who is currently operating BIG-IP honeypots — servers made to look like BIG-IP devices — said he detected malicious attacks coming from five different IP addresses.

In logs shared with ZDNet, Warren pointed out the source of those attacks and confirmed they were malicious.

“The vulnerability allows you to invoke .JSP files using a traversal sequence,” Warren told ZDNet earlier today.

“This, in turn, allows you to (ab)use functionality of otherwise authenticated .JSP files to do things like read files or, eventually, execute code.

“So far, what we’ve seen is an attacker reading various different files from the honeypots and executing commands via a built-in .JSP file. With this they were able to dump out the encrypted admin passwords, settings, etc.,” Warren said.
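
A defender reviewing web access logs for the behaviour Warren describes can normalise each request path and flag any request that uses a traversal segment to land on a .JSP file. The sketch below is an added example, not code from the article, NCC Group or F5; the log lines, addresses and paths are constructed, and the percent-encoded and path-parameter forms it handles are assumptions, since the article does not show the actual sequence.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed Common Log Format lines (not Warren's honeypot logs).
# Addresses are documentation ranges; every path is hypothetical.
SAMPLE_LOG = """\
198.51.100.7 - - [01/Jan/2020:01:12:44 +0000] "GET /app/login.jsp HTTP/1.1" 200 5120
203.0.113.9 - - [01/Jan/2020:01:13:02 +0000] "GET /app/login.jsp/..;/admin/fileview.jsp?name=x HTTP/1.1" 200 811
203.0.113.9 - - [01/Jan/2020:01:13:05 +0000] "GET /app/login.jsp/%2e%2e%3b/admin/run.jsp HTTP/1.1" 200 96
198.51.100.7 - - [01/Jan/2020:01:14:10 +0000] "GET /static/..css/site.css HTTP/1.1" 200 2048
192.0.2.44 - - [01/Jan/2020:01:15:31 +0000] "POST /app/../admin/settings.jsp HTTP/1.1" 403 0
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3})')

def decode_fully(text, rounds=3):
    """Percent-decode repeatedly so double-encoded dots are also seen."""
    for _ in range(rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text

def resolve(path):
    """Return (resolved_path, used_traversal) for a decoded URL path."""
    stack, used_traversal = [], False
    for raw in path.split("/"):
        segment = raw.split(";", 1)[0]  # drop ;path-parameters before comparing
        if segment == "..":
            used_traversal = True
            if stack:
                stack.pop()
        elif segment not in ("", "."):
            stack.append(segment)
    return "/" + "/".join(stack), used_traversal

def find_suspects(log_text):
    """List (source, status, resolved_path) for traversal requests ending in .jsp."""
    hits = []
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue
        source, target, status = match.groups()
        resolved, used_traversal = resolve(decode_fully(urlsplit(target).path))
        if used_traversal and resolved.lower().endswith(".jsp"):
            hits.append((source, status, resolved))
    return hits
```

Flagged lines that returned a 200 status are the ones to triage first, since the request reached the .JSP file rather than being refused.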

Pulse Secure, Citrix, and now… BIG-IP

The BIG-IP vulnerability is the type of security bug that nation-state hacking groups and ransomware gangs have been exploiting for almost a year — but in other products.

Since August, hacking groups have been exploiting similar RCE bugs in Pulse Secure VPNs and Citrix networking gateways to gain a foothold on corporate networks, and then plant backdoors, steal sensitive files, or install ransomware.

The Pulse Secure and Citrix bugs have been the bread and butter for ransomware gangs, in particular. In many cases, they didn’t even exploit the bugs right away. They planted backdoors, and then came back days, weeks, or months later to monetize their access.

Ransomware gangs like REvil, Maze, or Netwalker have been known to heavily rely on these types of bugs to attack some of the world’s largest companies, and security experts say the BIG-IP vulnerability is just the type of bug that will fuel their next wave of attacks.
