That didn’t take long.
Just days after enterprise IT provider F5 Networks disclosed critical vulnerabilities in its software, researchers say hackers have exploited one of the bugs in attempted intrusions.
“Starting this week and especially in the last 24 hours … we have observed multiple exploitation attempts against our honeypot infrastructure,” researchers from security firm NCC Group wrote in a blog post Thursday. The situation escalated over the weekend, with proof-of-concept exploits posted to Twitter that make it easier to take advantage of the bug.
Government agencies and big corporations alike use the F5 software, known as BIG-IP, to manage data on their networks. The vulnerability documented by NCC Group could allow an attacker to execute code remotely on a system and delete data. It is one of a slew of BIG-IP flaws that F5 revealed on March 10. Security fixes are available.
“The attackers are hitting multiple honeypots in different regions, suggesting that there is no specific targeting,” Rich Warren, principal security consultant at NCC Group, wrote in an email. “It is more likely that they are ‘spraying’ attempts across the internet, in the hope that they can exploit the vulnerability before organizations have a chance to patch it.”
It was unclear whether the exploitation NCC Group observed went beyond the simulated “honeypot” networks erected by the firm to include intrusion attempts at other organizations. Nor was it clear who was exploiting the flaw. But the F5 vulnerabilities amount to another crucial security issue for organizations already dealing with the widespread exploitation of bugs in Microsoft Exchange Server.
Bad Packets, a Chicago-based threat intelligence provider, reported mass online scanning for the F5 vulnerability being exploited, as Bleeping Computer and Threatpost noted.
“We are aware of attacks targeting recent vulnerabilities published by F5,” Rob Gruening, a spokesman for F5, said in an email Monday. “As with all critical vulnerabilities, we advise customers update their systems as soon as possible.”
This is not the first time that F5’s BIG-IP software has been at the center of high-profile hacking attempts. The Department of Homeland Security’s cybersecurity agency said last July that it had responded to two hacking incidents at U.S. government and private-sector organizations that exploited a flaw in the software.