Year-long F5 Hack Exposes Broad Risks
A year-long digital intrusion into cybersecurity company F5 has sent shockwaves through the industry, leaving corporate customers on high alert and sparking widespread unease. The breach, which was publicly disclosed last week, is blamed on Chinese spies and has raised concerns that more disclosures are yet to come.
F5's extensive presence in the market, serving over four-fifths of Fortune 500 companies in some capacity, has made it a prime target for hackers. According to US officials, federal networks were among those targeted in the hack's aftermath, prompting an urgent call for immediate action. The company's website boasts that it serves many high-profile clients, including banks and law firms, making the breach all the more concerning.
The extent of the hack is still shrouded in mystery, with F5 revealing only that its source code and sensitive information about software vulnerabilities were stolen. However, cybersecurity experts are drawing parallels with a similar incident at SolarWinds discovered in December 2020. SolarWinds' Orion software, which was used for network monitoring, became an unwitting springboard into highly sensitive networks after its source code was tampered with.
Around a dozen government departments were eventually breached in the wide-ranging spy operation, highlighting the devastating impact that such breaches can have on national security. Cybersecurity experts are warning that F5's low-profile but critical role in directing, managing, and filtering internet traffic makes it an attractive target for hackers.
Experts Weigh In: Comparing F5 to SolarWinds
"I'm not equating this to the SolarWinds attack, but I'm equating it to the fact that people never hear of it, but it's in everybody's network," said Michael Sikorski, chief technology officer at Palo Alto Networks' threat intelligence-focused Unit 42. "When we're talking about 80 percent of the Fortune 500, we're talking about banks, law firms, tech companies, you name it."
Bob Huber, chief security officer of Tenable, echoed Sikorski's sentiments, saying that while F5 has denied any modification to its software supply chain, there are signs that more unwelcome disclosures lie ahead. "We're waiting for the other shoe to drop," he said.
The Hunt for Signs of Compromise
Defenders across the industry are hunting for signs of compromise among the many corporate networks that use F5 products. While no other victims of the breach have been publicly identified, GreyNoise Intelligence has found hints that an unknown actor was searching for F5 devices on the internet starting about a month ago.
"That implies someone somewhere knew something," said Glenn Thorpe, senior director of security research and detection engineering at GreyNoise. "It's a clear indication that the hackers were well-organized and had access to significant resources."
The Aftermath: F5's Stock Plummets
The breach has also rattled the market, with F5's stock tumbling 12 percent last Thursday as the company published a host of fixes for previously vulnerable products. However, the stock rebounded slightly by the end of the week.
While the full extent of the damage is still unknown, one thing is clear: the F5 hack has exposed broad risks that will take time and effort to mitigate. As cybersecurity experts continue to dig deeper into the breach, they are warning that more disclosures may yet come.