Guardicore - Yup, We Can See It Coming

On December 17th, 2015, Juniper issued an advisory stating that it had discovered unauthorized code in the ScreenOS software that powers its NetScreen firewalls. The advisory covered two distinct issues: a backdoor in the VPN implementation that allows a passive eavesdropper to decrypt traffic, and a second backdoor that allows an attacker to bypass authentication in the SSH and Telnet daemons. There is speculation that the backdoor was installed by "state-sponsored" actors. Shortly after Juniper posted the advisory, an employee of Fox-IT stated that they were able to identify the backdoor password in six hours. (So much for government efficiency in hiding their actions.)

If anyone needs proof that once a vulnerability is disclosed it will be used in the wild, see the graph below. It shows the detection rate of SSH-borne attacks on one of our Data Center Security Suite sensors, deployed in a public cloud and facing the internet.

The statistics screen shows the rate of SSH attacks over the past two weeks.

[Figure: SSH statistics from Guardicore]
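
To run the same before-and-after comparison on your own internet-facing host, the sketch below counts failed SSH logins per day and compares the daily average before and after the December 17th advisory. It is an added example, not Guardicore code or data: the log format (RFC 3339 timestamps on OpenSSH messages), the function names and the sample lines are all assumptions constructed for illustration.

```python
import re
from collections import Counter
from datetime import date, timedelta
from statistics import mean

DISCLOSURE = date(2015, 12, 17)  # advisory date given in the post

# Assumed log format: RFC 3339 timestamp, host, then an OpenSSH failed-login message.
FAILED = re.compile(
    r"^(?P<day>\d{4}-\d{2}-\d{2})T\S+ \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from \S+ port \d+"
)

def daily_failures(lines):
    """Count failed SSH logins per calendar day; non-matching lines are ignored."""
    counts = Counter()
    for line in lines:
        m = FAILED.match(line)
        if m:
            counts[date.fromisoformat(m["day"])] += 1
    return counts

def disclosure_effect(counts, disclosure=DISCLOSURE):
    """Return (mean/day before, mean/day on or after, ratio) over the observed window.

    Days with no failures count as zero so quiet days are not dropped from the mean.
    """
    if not counts:
        return None
    first, last = min(counts), max(counts)
    days = [first + timedelta(days=i) for i in range((last - first).days + 1)]
    before = [counts[d] for d in days if d < disclosure]
    after = [counts[d] for d in days if d >= disclosure]
    if not before or not after:
        return None  # window does not straddle the disclosure date
    b, a = mean(before), mean(after)
    return b, a, (a / b if b else None)

def constructed_sample():
    """Constructed two-week log (not Guardicore data); addresses are documentation ranges."""
    lines = []
    for day in range(10, 24):
        n = 0 if day == 12 else (2 if day < 17 else 9)
        stamp = f"2015-12-{day:02d}T03"
        for i in range(n):
            lines.append(f"{stamp}:{i:02d}:00+00:00 sensor sshd[4242]: Failed password "
                         f"for invalid user admin from 203.0.113.{i + 1} port 40000 ssh2")
        lines.append(f"{stamp}:59:00+00:00 sensor sshd[4243]: Accepted publickey "
                     "for ops from 198.51.100.7 port 50022 ssh2")
    return lines

if __name__ == "__main__":
    print(disclosure_effect(daily_failures(constructed_sample())))
```

A ratio well above 1 over a window that straddles the advisory date is the same signal the graph shows; syslog files without a year in the timestamp need the year supplied before parsing.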
