According to researchers, over 50 Federal networks have internet-exposed management systems susceptible to malicious attacks. Based on reports, the researchers prioritised analysing 1,300 hosts that are available online and discovered hundreds of devices whose management interfaces were exposed to the public internet.
The researchers explained that the exposed devices are not from the directive released in June by CISA that has the primary objective of lessening the risks associated with remotely accessible management interfaces.
CISA emphasised that Federal Civilian Executive Branch (FCEB) agencies should take steps to reduce the attack surface created by misconfigured management interfaces across certain classes of devices. The researchers, for their part, scanned the Federal systems for publicly accessible remote management interfaces on networked devices such as firewalls, VPNs, access points, and routers.
The researchers found about 250 web interfaces for hosts exposing network appliances. Most of the exposed devices run remote protocols such as SSH and TELNET. Among these interfaces are various Cisco network devices with publicly exposed Adaptive Security Device Manager interfaces, enterprise router interfaces exposing wireless network data, and many well-known firewall solutions.
The Federal networks also contain numerous instances of exposed remote access protocols that threat actors could abuse.
The latest investigations revealed that the Federal networks have about 15 remote access protocols such as SMB, SNMP, NetBIOS, and FTP running on hosts exposed by Federal Civilian Executive Branch agencies.
These protocols have a lousy reputation since they are plagued by multiple security vulnerabilities that threat actors can exploit to infect systems and acquire unauthorised remote access to government infrastructure.
The report also revealed that several out-of-band remote server management devices, like the Lantronix SLC console servers, are publicly accessible despite CISA’s warning. Compromise of these instances could cause widespread damage, since out-of-band interfaces should never be directly accessible via the public internet.
Lastly, the study revealed that several Federal Civilian Executive Branch agencies are utilising managed file transfer tools, such as GoAnywhere MFT, VanDyke VShell file transfer, MOVEit Transfer, and SolarWinds Serv-U file transfer. Threat actors could easily target systems that run such file transfer software.
Experts stated that these publicly accessible systems on Federal networks should be addressed quickly to avoid compromise.
