The US government, specifically the NSA, FBI and CISA, has issued explicit warnings that hackers working for China have been trying to exploit known vulnerabilities in network devices in order to steal credentials and control network traffic.
Over the last few years, 16 critical vulnerabilities were reported for network devices from companies such as Cisco, Fortinet, Netgear, MikroTik, Pulse Secure, and Citrix. The Chinese hackers are combing the internet for unpatched small business routers, network attached storage (NAS) devices, and enterprise VPNs that they can use to gain a foothold in home or office networks and work their way up from there.
The hackers do not need their own malware or code; they can simply run publicly available exploit code against unpatched systems. They are also using open-source exploit frameworks for routers to scan for vulnerabilities in internet-facing devices.
Ensure your organization is not exposed. US government agencies have made these recommendations, which are worth noting for all instances of compromised software:
- Patch all affected devices
- Remove or isolate compromised devices from the network
- Replace end-of-life hardware
- Disable unused or unnecessary services, ports, protocols, and devices
- Enforce multi-factor authentication (MFA) for all users, without exception
Our analysts at Centraleyes recommend you implement a solid vulnerability management program to constantly stay ahead of known exploited vulnerabilities, patch them as soon as possible, and continuously monitor the mitigating security controls for their effectiveness.