Hundreds of FCEB Devices Are Violating CISA’s Latest Directive

essidsolutions
  • According to the latest research, hundreds of devices owned by FCEB organizations are exposed to the internet. Further, many of these internet-exposed hosts are accessible through IPv4 addresses.
  • IPv4 access could enable an attacker to take over the configuration or control of the networked management interfaces of federal agency networks.
  • FCEB agencies have 14 days to comply with 23-02 BOD, either by securing each exposed device with a Zero Trust Architecture or by removing it from the public internet.

New findings from threat intelligence provider Censys have revealed that hundreds of devices owned by Federal Civilian Executive Branch (FCEB) organizations are exposed to the internet. According to the research, of the 1,300 hosts the company analyzed, hundreds are internet-exposed and accessible through IPv4 addresses.

IPv4 access could enable an attacker to take over the configuration or control of the networked management interfaces of federal agency networks. Overall, Censys found that 13,000 distinct hosts across more than 100 autonomous systems are at risk of exploitation.

Additionally, Censys found 15 instances of exposed remote access protocols such as FTP, SMB, NetBIOS, and SNMP running on FCEB-related hosts; 150 instances of end-of-life software (i.e., software that no longer receives security updates) such as Microsoft IIS, OpenSSL, and Exim; multiple exposed Nessus vulnerability scanning servers; and exposed physical Barracuda Email Security Gateway appliances.

Tomer Bar, VP of Security Research at SafeBreach, told Spiceworks, “Exposed devices with remote management interfaces are one of the most common attacks used by both nation-state and cybercrime threat actors to achieve initial access to the target network. Clear text protocols like FTP are even worse and should be replaced immediately.”

Censys also found more than ten hosts running HTTP services that expose directory listings of file systems, along with several instances of exposed managed file transfer tools (MOVEit Transfer, GoAnywhere MFT, VanDyke VShell file transfer, and SolarWinds Serv-U file transfer).

“This is an alarming discovery, and it reminds us of the importance of self-checks like scanning and actively enumerating your own network devices. We recommend any public-facing enterprises to actively scan themselves in a continuous process to discover new gaps and to minimize the exposure duration,” Bar added.

Censys’ analysis is based on publicly accessible remote management interfaces associated with networked devices such as routers, access points, firewalls, VPNs, and other remote server management technologies.

Findings from the report indicate that FCEB agencies are directly in breach of the Cybersecurity and Infrastructure Security Agency’s (CISA) 23-02 Binding Operational Directive (BOD), released earlier in June. Administrators at the respective FCEB agencies have 14 days to comply with 23-02 BOD, either by securing each exposed device with a Zero Trust Architecture or by removing it from the public internet.

Tom Kellermann, SVP of Cyber Strategy at Contrast Security, told Spiceworks, “This represents a huge attack surface. The CISA Binding Directive cannot come soon enough. Federal Agencies must comply immediately and conduct threat hunting to ascertain if intrusions have already occurred.”
