
Cyber defenders sound the alarm as F5 hack exposes broad risks

A more than year-long digital intrusion into cybersecurity company F5 (FFIV.O), publicized last week and blamed on Chinese spies, has defenders across the industry hunting for signs of compromise among the many corporate networks that use its products.

So far, little is known about the scope of the hack beyond statements from F5 that its source code and sensitive information about software vulnerabilities were stolen. The company’s website says it serves more than four in five Fortune 500 companies in some capacity, and U.S. officials have said that federal networks were among those targeted in the hack’s aftermath and have urged immediate action. That extensive presence alone has triggered widespread unease.

Several cybersecurity executives and analysts compared the hack at F5 to the extraordinary intrusion at the software company SolarWinds discovered in December 2020. That company, whose Orion software was used for network monitoring, became the unwitting springboard into a number of highly sensitive networks after its source code was tampered with. Around a dozen government departments were eventually breached in the wide-ranging spy operation.

While no other victims of the F5 breach have been publicly identified, cybersecurity firm Greynoise Intelligence, which monitors internet scanning and attack activity, has found hints that an unknown actor was searching out F5 devices on the internet starting about a month ago. Greynoise detected a major spike in scanning activity focused on F5 beginning in mid-September, according to Glenn Thorpe, the company’s senior director of security research and detection engineering.


This post is licensed under CC BY 4.0 by the author.