Prospects place BIG-IP on the very fringe of their networks to be used as load balancers and firewalls, and for inspection and encryption of knowledge passing into and out of networks. Given BIG-IP’s community place and its function in managing site visitors for internet servers, earlier compromises have allowed adversaries to increase their entry to different components of an contaminated community.
F5 stated that investigations by two outdoors intrusion-response corporations have but to search out any proof of supply-chain assaults. The corporate connected letters from corporations IOActive and NCC Group testifying that analyses of supply code and construct pipeline uncovered no indicators {that a} “menace actor modified or launched any vulnerabilities into the in-scope objects.” The corporations additionally stated they didn’t establish any proof of essential vulnerabilities within the system. Investigators, which additionally included Mandiant and CrowdStrike, discovered no proof that information from its CRM, monetary, assist case administration, or well being methods was accessed.
The corporate launched updates for its BIG-IP, F5OS, BIG-IQ, and APM merchandise. CVE designations and different particulars are right here. Two days in the past, F5 rotated BIG-IP signing certificates, although there was no speedy affirmation that the transfer is in response to the breach.
The US Cybersecurity and Infrastructure Safety company has warned that federal businesses that depend on the equipment face an “imminent menace” from the thefts, which “pose an unacceptable danger.” The company went on to direct federal businesses below its management to take “emergency motion.” The UK’s Nationwide Cyber Safety Middle issued the same directive.
CISA has ordered all federal businesses it oversees to instantly take stock of all BIG-IP units in networks they run or in networks that outdoors suppliers run on their behalf. The company went on to direct businesses to put in the updates and comply with a threat-hunting information that F5 has additionally issued. BIG-IP customers in non-public business ought to do the identical.
