September Device Threat Report

Below the Surface September 2020
Subscribe to Eclypsium’s Threat Report

As we head into the fall, both nation state actors and criminals alike continue to exploit vulnerable, exposed firmware on network and VPN devices. A US Federal Agency was just compromised per this CISA report, likely via a year-old Pulse Secure VPN firmware vulnerability. Meanwhile Chinese and Iranian attackers are leveraging similar internet-facing firmware vulnerabilities to gain initial footholds into Cisco and other network devices. CISA also published a much-lauded in-depth alert covering ways to find and remediate malicious activity, which we examine below at the firmware layer.

The BootHole vulnerability remediation effort resulting from significant coordinated disclosure efforts involving 18 organizations and over 100 people, is beginning to bear fruit: Concerted efforts by Oracle, Canonical, Microsoft, Red Hat, SUSE, Debian, VMware, CERT, and the NSA, highlight ways in which both OEM’s and government have addressed the challenge, with recommendations on how best to mitigate and remediate the significant risks associated with this now 2-month old vulnerability affecting the vast majority of all computing platforms and devices. The Eclypsium platform allows IT and Security teams to easily identify vulnerabilities and threats related to BootHole across an organization’s fleet of Windows and Linux devices. Contact us if you’d like more information.

Meanwhile, game hacking continues to both mimic and influence enterprise hacking by leveraging firmware and driver level attacks to subvert OS and application layer controls.

Finally, we look at the impact of what happens when a vendor mis-scores their own CVE, and the effect that has on vulnerability management. Hint: it isn’t good.

Applying Lessons From CISA to Your Firmware

The Cybersecurity and Infrastructure Security Agency (CISA) recently published alert AA20-245A, Technical Approaches to Uncovering and Remediating Malicious Activity. The alert serves as a playbook for security incident investigations based on the collective real-world findings of several contributing nations including the United States. We examine the implications for firmware and hardware security. Read blog post >

Ready Player One: What Firmware Gaming Cheats Mean For Enterprise Security

Some recent gaming cheats show that gamers have arrived at the same conclusion as malware and cybersecurity adversaries — one of the best ways to attack the application layer without getting caught is through the firmware. Read blog post >

The Subjective Nature of a CVSS Score – A CISO Perspective
During a recent internal threat modeling exercise, Eclypsium discovered that a vendor had mis-scored a few related firmware vulnerabilities across a consumer/enterprise grade product line, presenting them as a CVSS severity of Medium when our understanding of the issue resulted in a High. Eclypsium’s CISO, Steve Mancini, discusses the impact this can have on risk and vulnerability management systems that depend on accurate CVSS scoring. Read article >

Bug Icon

THREATS IN THE WILD

INDUSTRY NEWS

SECURITY ADVISORIES

SECURITY RESEARCH

Tools

WEBINAR

Webinar: Down The Rabbit Hole – Attackers Moving Down As We Move Up

Eclypsium’s Scott Scheferman discusses the reasons why attackers are going further down the rabbit hole in order to gain footholds and persist below the surface of the security stack. He shares recent examples of incidents involving such tactics and explores the challenges of addressing this trending attack vector.  Join us>