As noted in a previous Helical blog, escalating tensions between the US and Iran have repeatedly resulted in state-sponsored cyberattacks. This trend holds true as tensions flare once again between the two nations. On August 20, 2020, the US demanded that the UN re-impose sanctions on Iran that were relaxed as a part of the now defunct 2015 nuclear deal. Ten days prior to this announcement, ZDNet reported that the unnamed elite group of Iranian-sponsored attackers described in a recent FBI alert has been identified as Fox Kitten. The private security researchers who spotted the group called them the “spear-tip” of Iran’s attack strategy. Their goal is to create a beachhead from which other Iranian attackers can launch related efforts.
Fox Kitten primarily targets high-end networks by seeking to exploit recently patched vulnerabilities before organizations have time to deploy remediations. This round of attacks has focused on a Remote Code Execution (RCE) vulnerability found in BIG-IP, a networking device built by F5 Networks. Any organization using a BIG-IP device could be at risk, and private security researchers have already confirmed two successful breaches by Fox Kitten.
With a new wave of state-sponsored cyberattacks seemingly just beginning, organizations need to protect themselves sooner rather than later. Attackers like Fox Kitten succeed because too many organizations fail to deploy patches in an effective manner. Whether due to a lack of security resources or a lack of control over devices, patches can often go weeks without being fully implemented. As a result, vulnerabilities remain a threat to network infrastructure long after a fix has been released.
To defend against Fox Kitten’s strategy, prioritize your patch compliance. Ensure that all core infrastructure is kept up to date and communicate with employees about keeping their endpoints compliant.
Take control of patch and configuration management with Helical’s new OverWatch technology. OverWatch lets you actively keep track of configuration status on all network endpoints and coordinate patch deployment efforts.
To learn more and see if OverWatch is right for you, contact Helical today!