Hundreds of Devices with Internet-Exposed Management Interfaces Found in US Agencies
Censys, an attack surface management firm, has discovered hundreds of devices within US federal agencies’ networks that have their management interfaces exposed to the Internet.
This poses significant risks and raises concerns about the security of these devices and the potential for malicious attacks.
Key Takeaways on Hundreds of Devices with Internet-Exposed Management Interfaces Found in US Agencies:
- Censys identifies numerous devices in US federal agencies with internet-exposed management interfaces.
- The discovery raises concerns about the vulnerability of these devices and the potential for malicious attacks.
- The identified devices include routers, firewalls, VPNs, and remote server management appliances, some of which have known vulnerabilities targeted by threat actors.
Attack surface management firm Censys has conducted an analysis of over 50 federal civilian executive branch (FCEB) organizations and sub-organizations, revealing the presence of numerous devices within their networks that have management interfaces exposed to the internet.
This discovery raises significant concerns about the security of these devices and the potential risks they pose.
Scope of CISA’s Binding Operational Directive
Censys found more than 13,000 distinct hosts across 100 autonomous systems. A closer look at a subset of approximately 1,300 of those hosts, reachable over IPv4, identified hundreds of devices that fall within the scope of the Cybersecurity and Infrastructure Security Agency’s (CISA) Binding Operational Directive (BOD) 23-02.
This directive aims to assist federal agencies in securing their remotely accessible interfaces, which are often targeted by malicious actors.
Risk of Exploitation and Network Access
CISA emphasizes the increased vulnerability of these devices due to inadequate security measures, misconfigurations, and outdated software. The risk is further exacerbated when management interfaces are directly connected to the public-facing internet.
Threat actors specifically target certain classes of devices that support network infrastructures, aiming to gain full access to networks once these devices are compromised.
Identified Devices and Known Vulnerabilities
Censys conducted searches for various devices, including access points, firewalls, routers, VPNs, and remote server management appliances. Over 250 hosts with exposed interfaces running remote protocols such as SSH and Telnet were discovered.
Among these were Cisco network devices with exposed Adaptive Security Device Manager interfaces, Cradlepoint routers exposing wireless network details, and popular firewall solutions like Fortinet Fortiguard and SonicWall appliances.
The analysis also identified devices with exposed remote access protocols, managed file transfer tools, vulnerable software, and more.
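The kind of triage a defender can run over an external scan of their own address space, shown as an added example (not Censys's or CISA's code). The field names, the sample records and the protocol set beyond SSH and Telnet are assumptions, and the discovery date is taken to be the date the service was first seen.

```python
from datetime import date, timedelta

# Device classes named in the article. The protocol set is an assumption: the
# article names SSH and Telnet; HTTP(S) and SNMP are added here. Check both
# sets against the directive text before relying on them.
DEVICE_CLASSES = {"access point", "firewall", "router", "vpn",
                  "remote server management"}
MGMT_PROTOCOLS = {"ssh", "telnet", "http", "https", "snmp"}
CLEARTEXT = {"telnet", "http"}
REMEDIATION_DAYS = 14  # window set by BOD 23-02 itself; not stated in the article

# Constructed observations from an external scan of an organization's own
# address space (documentation-range IPs, hypothetical field names).
OBSERVATIONS = [
    {"ip": "192.0.2.10", "proto": "ssh", "device": "router", "seen": "2023-07-03"},
    {"ip": "192.0.2.10", "proto": "telnet", "device": "router", "seen": "2023-07-03"},
    {"ip": "198.51.100.7", "proto": "https", "device": "firewall", "seen": "2023-07-05"},
    {"ip": "198.51.100.9", "proto": "https", "device": "web server", "seen": "2023-07-05"},
    {"ip": "203.0.113.4", "proto": "telnet", "device": None, "seen": "2023-07-06"},
]

def triage(observations):
    """Group externally observed management services into per-host findings."""
    findings = {}
    for obs in observations:
        proto = obs["proto"].lower()
        device = (obs["device"] or "").lower()
        if proto not in MGMT_PROTOCOLS:
            continue
        if device and device not in DEVICE_CLASSES:
            continue  # e.g. a public web server on HTTPS is not a management interface
        f = findings.setdefault(obs["ip"], {"status": "review", "protocols": set(),
                                             "cleartext": False, "due": None})
        f["protocols"].add(proto)
        f["cleartext"] |= proto in CLEARTEXT
        if device:  # identified device class: in scope, start the remediation clock
            due = date.fromisoformat(obs["seen"]) + timedelta(days=REMEDIATION_DAYS)
            f["status"] = "in_scope"
            f["due"] = due if f["due"] is None else min(f["due"], due)
    return findings

if __name__ == "__main__":
    for ip, f in sorted(triage(OBSERVATIONS).items()):
        print(ip, f["status"], sorted(f["protocols"]),
              "cleartext" if f["cleartext"] else "encrypted", f["due"])
```

Hosts left in the "review" state are the ones where the scan could not identify the device class, so a person has to decide whether the interface belongs to network infrastructure.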
Ongoing Threats and Consequences
Threat actors frequently target vulnerabilities in appliances from vendors such as Barracuda, Fortinet, SonicWall, and Cisco. Known attacks on software like SolarWinds, GoAnywhere, and MOVEit have demonstrated the dire consequences of exploiting these vulnerabilities.
The discovery of devices with internet-exposed management interfaces in US federal agencies highlights the need for robust security measures and continuous monitoring to safeguard against potential malicious attacks.
Conclusion
The identification of hundreds of devices with internet-exposed management interfaces within US federal agencies’ networks raises serious concerns about their security.
It underscores the importance of implementing strong security measures, regularly updating software, and adhering to guidance like CISA’s BOD 23-02 to mitigate the risks posed by these vulnerabilities. Ensuring the protection of critical infrastructure and sensitive data is crucial in today’s threat landscape.