US Government’s Cybersecurity and Infrastructure Security Agency released a warning regarding cyberattackers use of unencrypted cookies managed by the F5 BIG-IP Local Traffic Manager, by which they gather information about private networks. In this manner, these attackers identify the internal, non-public devices through the use of this cookie, thereby potentially targeting the vulnerabilities on that network. While CISA does not disclose who is behind this attack and for what reasons, the activity surely indicates serious threat potential to organisational security.
Confidence and Data Integrity Exposed
According to CISA’s advisory, these cookies would probably allow attackers to understand the network structures and discover some areas where the attack can be performed. It is true that cybersecurity has compared with physical security, some delicate balances of trust on which companies dealing with sensitive information depend. The attackers may go through the data contained in these cookies while studying it and realise and use key resources in a network to escalate access or tamper with data.
Recommendations for the Protection of F5 BIG-IP Cookies
CISA recommends that all the organisations that use the F5 BIG-IP equipment encrypt those cookies. The encryption can be set up on these devices through HTTP profile settings so it can act as an added layer of protection against unauthorised access. CISA further recommends use of the BIG-IP iHealt
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.