The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned public and federal IT security teams to apply the available fixes for a bug in Palo Alto Networks’ firewall software that is under active attack. Earlier this month, Palo Alto Networks patched the high-severity flaw (CVE-2022-0028), which it says adversaries have attempted to exploit. A remote, unauthenticated attacker can use a vulnerable firewall to carry out reflected and amplified denial-of-service (DoS) attacks: the firewall is not the target, it is the reflector, and the amplified traffic lands on a victim of the attacker’s choosing.
Affected Products and OS Versions
Affected products are those running Palo Alto Networks’ PAN-OS firewall software: PA-Series (hardware), VM-Series (virtual) and CN-Series (container) devices. The vulnerable PAN-OS versions, each with a patched release available, are:
- PAN-OS 10.2 before 10.2.2-h2
- PAN-OS 10.1 before 10.1.6-h6
- PAN-OS 10.0 before 10.0.11-h1
- PAN-OS 9.1 before 9.1.14-h4
- PAN-OS 9.0 before 9.0.16-h3
- PAN-OS 8.1 before 8.1.23-h1
A misconfiguration of the PAN-OS URL filtering policy allows a network-based attacker to conduct reflected and amplified TCP denial-of-service attacks, the company said in its advisory. Because the attacker spoofs the source address of the packets it sends to the firewall, the firewall’s responses go to the spoofed address, so the DoS traffic appears to originate from the firewall and is aimed at an attacker-specified target.
The Configuration at Risk
The advisory describes the at-risk configuration as non-standard: the “firewall configuration must have a URL filtering profile with one or more blocked categories assigned to a security rule with a source zone that has an external-facing network interface,” a setup it calls “likely unintended by the network administrator.” In other words, URL filtering that blocks categories is normally applied to outbound traffic from internal zones; applying it to a rule whose source zone faces the Internet is what exposes the firewall as a reflector. For firewalls that cannot be patched immediately, the advisory also points to workarounds: remove the URL filtering profile from such rules if it is not needed, or apply a Zone Protection profile with packet-based attack protection or SYN flood protection using SYN cookies.
CISA Warning
On Monday, CISA added the Palo Alto Networks bug to its Known Exploited Vulnerabilities (KEV) Catalog, a curated list of flaws that have been exploited in the wild. The agency “strongly recommends” that public and private organizations use the catalog to “prioritize remediation” and “reduce the likelihood of compromise by known threat actors.” For federal civilian agencies the listing is more than a recommendation: under Binding Operational Directive 22-01 they must remediate KEV entries by the due date CISA sets.
Amplified and Reflected Denial-of-Service Attacks
Reflected and amplified denial-of-service attacks have become more common over the years, and distributed denial-of-service attacks continue to pose a significant challenge to businesses of all stripes. Unlike attacks limited by the attacker’s own sending capacity, reflected and amplified attacks borrow third-party servers: reflection hides the attacker and redirects the responses to the victim, and amplification makes each response larger than the request that triggered it, so the victim receives far more traffic than the attacker sent.
An HTTP-based distributed denial-of-service attack sends junk HTTP requests to a target’s server, tying up resources and locking users out of a site or service. A TCP reflection attack, the kind believed to have been attempted against PAN-OS firewalls, works differently: the attacker sends SYN packets whose source IP has been replaced with the victim’s address to a range of random or pre-selected reflector IPs. Each reflector answers the victim rather than the attacker, and the victim, which never opened those connections, is left to absorb the replies.
Recommendations
In light of the recent attempts to abuse PAN-OS firewalls as reflectors, the need for updated and secure network configurations has never been more vital. Companies that rely on PAN-OS should install the available patches and follow standard practice: keep firewall software current, limit the exposure of systems that cannot be patched yet, and scan regularly so vulnerable versions do not linger. Administrators should also review their security rulebase for URL filtering profiles with blocked categories on rules whose source zone faces the Internet, and monitor traffic, particularly HTTP requests and TCP handshakes, for unusual flows: bursts of SYNs from a single source address that never complete a handshake, or SYN/ACKs arriving at hosts that never sent a SYN.
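The two traffic patterns just described, and the spoofed-SYN mechanism explained in the previous section, are easier to recognise in a concrete form. The following Python script is an added example, not code from the article or from Palo Alto Networks; it runs simple detection logic over constructed flow records. It checks both vantage points: the victim’s network edge, which sees SYN/ACK backscatter from many reflectors for connections it never opened, and a reflector’s edge, which sees one “source” (the spoofed victim address) opening connections to many hosts and ports without ever completing a handshake. The `Flow` record, the flag encoding and the sample traffic are all assumptions of this example.

```python
"""Spot TCP reflection traffic in flow records.

Added example, not code from the article or from Palo Alto Networks. All
flow records are constructed. Flags are encoded as letters: S=SYN, SA=SYN/ACK,
A=ACK, R=RST (an assumption of this example, not a vendor log format).
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    ts: float     # seconds since start of capture
    src: str
    sport: int
    dst: str
    dport: int
    flags: str
    nbytes: int


def unsolicited_synack_targets(flows, window=10.0, min_peers=5):
    """Victim-side view. Return {host: (distinct_peers, bytes_received)} for
    hosts that received SYN/ACKs from >= min_peers peers to which they had
    sent no SYN in the preceding `window` seconds."""
    syn_times = defaultdict(list)             # (client, server) -> [ts of SYN]
    backscatter = defaultdict(lambda: [set(), 0])
    for f in sorted(flows, key=lambda x: x.ts):
        if f.flags == "S":
            syn_times[(f.src, f.dst)].append(f.ts)
        elif f.flags == "SA":
            solicited = any(f.ts - window <= t <= f.ts
                            for t in syn_times[(f.dst, f.src)])
            if not solicited:
                backscatter[f.dst][0].add(f.src)
                backscatter[f.dst][1] += f.nbytes
    return {h: (len(p), b) for h, (p, b) in backscatter.items()
            if len(p) >= min_peers}


def half_open_sources(flows, min_syns=10, min_targets=5):
    """Reflector-side view. Return {source: syn_count} for sources that sent
    >= min_syns SYNs to >= min_targets distinct (host, port) pairs and never
    sent the ACK that completes a handshake. A spoofed address cannot ACK,
    because its real owner never sent the SYN (it typically answers RST)."""
    targets = defaultdict(set)                # src -> {(dst, dport)}
    syn_count = defaultdict(int)
    acked = set()
    for f in flows:
        if f.flags == "S":
            targets[f.src].add((f.dst, f.dport))
            syn_count[f.src] += 1
        elif f.flags == "A":
            acked.add(f.src)
    return {s: syn_count[s] for s, t in targets.items()
            if s not in acked and syn_count[s] >= min_syns
            and len(t) >= min_targets}


def handshake(client, cport, server, sport, t0):
    """A normal three-way handshake, used for the legitimate clients."""
    return [Flow(t0, client, cport, server, sport, "S", 60),
            Flow(t0 + 0.1, server, sport, client, cport, "SA", 60),
            Flow(t0 + 0.2, client, cport, server, sport, "A", 52)]


def sample_views(victim="10.0.0.9", n_reflectors=20):
    """Constructed captures from two vantage points during one attack in which
    the attacker spoofs `victim` in SYNs sent to n_reflectors hosts."""
    victim_edge = handshake("10.0.0.5", 40001, "203.0.113.10", 443, 0.0)
    reflector_edge = handshake("192.0.2.7", 41000, "198.51.100.1", 80, 0.0)
    for i in range(1, n_reflectors + 1):
        reflector, t = f"198.51.100.{i}", 5.0 + i * 0.01
        spoofed_syn = Flow(t, victim, 50000 + i, reflector, 80, "S", 60)
        reply = Flow(t + 0.05, reflector, 80, victim, 50000 + i, "SA", 60)
        reset = Flow(t + 0.10, victim, 50000 + i, reflector, 80, "R", 40)
        reflector_edge += [spoofed_syn, reply, reset]   # reflector sees all three
        victim_edge += [reply, reset]                   # victim never saw the SYN
    return victim_edge, reflector_edge


if __name__ == "__main__":
    victim_view, reflector_view = sample_views()
    print("backscatter targets:", unsolicited_synack_targets(victim_view))
    print("spoofed half-open sources:", reflector_view and half_open_sources(reflector_view))
```

Both detectors ignore the legitimate clients (their SYN/ACKs are solicited, and they do complete handshakes) and both flag 10.0.0.9: once as the victim receiving backscatter from 20 peers, once as the apparent source that never ACKs. Thresholds are deliberately low for the constructed sample; on real edge traffic they need tuning against baseline connection rates.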
In conclusion, the vulnerability has once again exposed the urgent need for organizations to have robust security measures in place to protect themselves against growing cyber threats. Therefore, it is crucial that companies take proactive steps to safeguard their networks, and software vendors must quickly issue patches for identified vulnerabilities.