Cybercriminals, if anything, are persistent. They keep advancing their tactics and strategies and are constantly on the lookout for opportunities to bypass cybersecurity defenses and gain a foothold on systems where they might remain undetected.
Persistence is especially common among cybercriminal gangs and state-sponsored teams looking to use an advanced persistent threat (APT) approach.
All network devices are a target for cybercriminals searching for vulnerabilities to exploit. Attackers have targeted routers, VPN access gateways, IoT infrastructure and border firewalls. Load balancers are not exempt: they are internet-facing and mediate user access to applications, so it comes as no surprise that vulnerabilities are discovered in load balancers from all vendors.
Some vulnerabilities are more critical than others, and some load balancing vendors' hardware is more vulnerable than others to APT attacks.
A new report from the specialist firmware protection company Eclypsium pinpointed several vulnerabilities in hardware-based F5 and Citrix load balancers. From the report:
“Eclypsium research has discovered two of the industry-leading load balancing devices can be easily repurposed as command and control systems, providing persistent access to both the devices themselves and their connected networks.
“The techniques used are within reach of an average attacker, utilize readily available open-source tooling, and are only detectable from the advanced administrative shell; they are invisible to the web management interface and restricted shell. Furthermore, by abusing built-in functionality, it is possible to retain access if devices are rebooted, patched, or wiped and restored from backup.”
Eclypsium researchers investigated the persistence opportunities available to attackers targeting F5 and Citrix hardware load balancers. They did this in response to the disclosure of three critical vulnerabilities affecting these load balancing vendors: CVE-2019-19781, CVE-2020-5902 and CVE-2022-1388.
In the report, Eclypsium's researchers detail the techniques used and outline how they were able to compromise the F5 and Citrix hardware load balancers and make their malware persist across reboots and resets. You can read the full report here.
Note that the intent of this post is not to disparage F5, Citrix or any other load balancing vendor. Cybersecurity is an ongoing process and there will be bugs and vulnerabilities for all vendors, and that includes Progress Kemp LoadMaster. You are encouraged, regardless of which vendor solution you use, to follow your vendor's security updates and patches.
Progress regularly publishes updates directly on its website. You may find several sources of information on LoadMaster security, configuration advice and release notes.
LoadMaster can play a pivotal role in a broader cybersecurity defense strategy for organizations of all sizes—from small to enterprise, and everything in between. Whether your infrastructure is on-premises, through a single cloud provider, distributed across a multi-cloud infrastructure or hybrid cloud setting, LoadMaster features and functionalities can quickly and easily boost your cybersecurity posture.
Learn more about how LoadMaster secures applications, including information on DDoS protection, web application firewall security and more. Please view any of the referenced blogs below to learn more about LoadMaster security capabilities and optimizations.
Maurice McMullin was a Principal Product Marketing Manager at Progress Kemp.