CISA Warning Activated by Firewall Bug
Table of Contents
- By Steven
- Aug 26, 2022
Digital miscreants are currently ambushing PAN-OS. The Palo Alto Networks' creation is undergoing immediate patching. The software that runs the firewalls is being attacked, spurring the United States Cybersecurity and Infrastructure Security Agency, or CISA for short, to warn both government digital security specialists and those who work for the public to implement fixes. Federal agencies are advised that they should remedy the patch by the second week of September at the latest.
What is the Background of the Warning, and Why Should Businesses Care?
Palo Alto Networks implemented a quick repair for the bug, considered to be of high severity. The bug officially referred to as CVE-2022-0028, was addressed earlier this month. The bug was prone to exploitation by threat actors.
The flaw can be taken advantage of by remote hackers to execute unique denial-of-service (DoS) attacks of the reflected variety. This approach ensures there is no need to authenticate the targeted systems, meaning it could easily be replicated if hackers want to shift their focus to your business or computer.
How is the Flaw Exploited?
According to representatives from Palo Alto Networks, the group responsible for maintaining the flaw, it is only possible to exploit it on specific systems and when certain conditions exist. The company's spokesperson also noted that the susceptible systems are not a component of a firewall configuration.
Subsequent aggressions designed to exploit the weakness have the potential to occur, yet they have not. There is also the potential that such attacks have occurred, and the public has not been notified yet.
Has the Bug Been Highlighted for Posterity's Sake?
Indeed, CISA has added the bug to the list of Known Exploited Vulnerabilities, also referred to as the KEV catalog. The bug was added to the list this past Monday. The catalog is best described as a carefully structured collection of weaknesses susceptible to exploitation in what digital security professionals refer to as in the wild, meaning on publicly connected computers after extensive development.
The KEV catalog is a list that the agency recommends parties in both the private and public sectors pay attention to facilitate remediation and decrease the chances of successful breaches down the line. Readers are encouraged to learn more about the industry’s latest digital security threats and protections.
What are Amplification and Reflective DoS Attacks all About?
DDoS attacks have gradually evolved as time has progressed. Volumetric attacks have rapidly increased in recent years. In particular, the magnitude of volumetric attacks has increased. Online miscreants are using specialized amplification and reflection attack strategies to take advantage of protocols, including CLDAP, SSDP, DNS, and NTP, for optimal impact. Though these attacks are not novel, they have become much more common in recent years.
Successful DDoS attacks knock businesses off the web, take a chunk out of revenue and steer customers toward the competition. Amplified and reflective varieties of these attacks have the potential to generate that much more disruptive traffic. Such an attack empowers adversaries to maximize the harmful traffic that occurs when concealing the initial points of the traffic used to levy the attack.
The cyber attack used in the Palo Alto Networks example described above occurs when a miscreant transmits spoofed SYN-style packets switching out the original IP address with that of a victim. A victim who fails to respond triggers the retransmission of the packet, spurring the aforementioned amplification. The hackers altered the amplification of the aggression by retransmitting SYN=ACK through reflection, maximizing the impact even more.