Eclypsium’s Supply Chain Security Platform Adds New Capabilities to Protect Network Infrastructure From Compromise

Eclypsium’s new integrity monitoring and threat detection capabilities help organizations protect against ransomware and state-sponsored threat actors that use network infrastructure devices to establish initial access and persistence

Portland, OR – October 2, 2023 – Eclypsium®, the supply chain security company protecting critical hardware, firmware, and software in enterprise IT infrastructure, today announced the addition of new threat detection capabilities for network appliances to its Eclypsium supply chain security platform. Over the past summer, ransomware groups including Akira, CACTUS, FIN8, and LockBit have been observed attacking network appliances from a number of vendors, looking to evade endpoint security and maintain persistence within target environments. In addition, state-sponsored adversaries continue to target network devices, with the NSA and CISA recently issuing an advisory about the BlackTech group targeting network routers from multiple vendors.

“The number of remotely exploitable vulnerabilities that keep shipping in network appliances underscores weaknesses in the supply chain for enterprise IT infrastructure,” says Eclypsium CEO and co-founder Yuriy Bulygin. “Defenders cannot trust these appliances to ship securely by default, but should rather anticipate and mitigate their supply chain risk. Simply scanning for vulnerabilities doesn’t do much to help overloaded security teams in preventing ransomware and other threat actors getting in through or establishing persistence in network infrastructure devices. We believe this problem has to be solved differently.”

Ransomware groups are adept at evading detection, frequently targeting IT infrastructure systems such as network equipment that are often opaque to security tools. These devices offer wide network access for lateral movement within the target environment and can be maliciously configured to obscure C2 communications.

So far in 2023, there have been several ransomware campaigns exploiting vulnerabilities in network infrastructure:

  • In August, LockBit and Akira exploited a zero-day vulnerability on Cisco VPN appliances
  • In July, FIN8 installed webshells on nearly 2,000 unpatched Citrix NetScaler devices
  • In June, Akira was discovered to be exploiting flaws in Fortinet VPN appliances
  • In May, CACTUS was reported to be attacking unspecified vulnerable VPN appliances 

The new capabilities added to the Eclypsium supply chain security platform detect ongoing compromise of network appliances, including those from Cisco, F5 Networks, Fortinet, and NetScaler, with appliances from more vendors being added. Specifically, the detections look for indicators of compromise on physical and cloud (virtual) versions of network appliances, such as changes to firmware and OS binaries, modified configuration and backup files, reverse shells, and persistence modules. These threat detection capabilities augment Eclypsium’s existing vulnerability and security posture assessment capabilities for these devices. More information about these capabilities is available on the Eclypsium blog.

To schedule a demo of the Eclypsium supply chain platform, visit www.eclypsium.com or email your Eclypsium representative at [email protected].

ABOUT ECLYPSIUM

Eclypsium’s cloud-based platform provides digital supply chain security for critical software, firmware and hardware in enterprise infrastructure. Eclypsium helps enterprises and government agencies mitigate risks to their infrastructure from complex technology supply chains. For more information, visit eclypsium.com.

MEDIA CONTACT:

[email protected] 

The post Eclypsium’s Supply Chain Security Platform Adds New Capabilities to Protect Network Infrastructure From Compromise appeared first on Eclypsium | Supply Chain Security for the Modern Enterprise.
