Targeted F5 Vulnerability 'Update' Delivers Wiper to Israeli Victims
Files purporting to be an F5 vulnerability patch are deleting server contents.
Israel's National Cyber Directorate (NCD) has issued an "urgent warning" about a targeted email campaign that impersonates F5 Networks and delivers dangerous wiper malware.
The lure for the attack is a critical authentication bypass vulnerability in F5's BIG-IP, disclosed in late October. At the time, F5 said one way to resolve the vulnerability was to download and run a special shell script file on the BIG-IP system.
In the message, the attacker capitalized on this, informing the recipient that an attached file is the update for the vulnerability. The emails are sent from "cert @ f5.support," and the file is generically named "update.zip." The download actually contains a wiper that deletes the contents of any F5 server an admin runs it on, according to the agency's alert. The good news is that the malware is unable to move laterally from server to server, so the extent of any given attack depends on the admin running the file on multiple instances.
According to the analysis, the file identifier for each attack is unique to each victim, as is the URL to download the payload. The NCD said this will make identifying other attacks more difficult.
It was not clear how many detections there have been so far, or who has been specifically targeted.