We Don’t Just Patch – We Hack
By Douglas McKee · February 1, 2023
If you have read any security advisories, technology news articles or even our very own Bug Report, you have continually been bombarded with the message to patch, patch, patch! Patching is critical to protecting our infrastructure and we will continue to push this mantra; however, to truly slow down and stop our adversaries we must be able to “hack,” or discover vulnerabilities, long before they do. This is the mission of the vulnerability team within the Trellix Advanced Research Center. Today we release research on vulnerabilities discovered on Cisco edge devices (and yes, you should patch!). This is the next installment in our series of research into edge devices, and we’ve found bugs affecting users at all levels – consumer, small business and now, enterprise.
Why does a security vendor spend so much time and so many resources on vulnerability discovery on edge devices? Simply put – we care because the bad guys care, and they care on all fronts. While as an industry we are often tempted to focus solely on the large enterprises that help run our everyday lives or protect sensitive information, the actions of threat actors remind us that every consumer device can be turned into a botnet pawn and used against every enterprise. This makes performing research on even the simplest devices acutely important to our overall security picture. This even applies to end-of-life (EOL) or older routers, as CISA continues to report that vulnerabilities in these devices are being used by threat actors. This is why you see our team not only researching consumer edge devices, but also using simpler EOL devices to provide free training that empowers others in the industry to learn the techniques required to perform vulnerability research. This theme holds true with additional advisories from CISA about People’s Republic of China (PRC)-linked state-sponsored exploitation of network devices typically used in Small Office and Home Office (SOHO) and enterprise settings, guiding our focus on DrayTek and now Cisco devices.
Over time, the conversation around supply chain attacks has exploded and we now discuss everything from hardware and software to vulnerabilities and third-party libraries; but early on, routers and other networking equipment were the narrow focus of supply chain conversations. Why? It is very common for this type of equipment to pass through third-party handlers or distributors before making it to the end user. This even includes companies outside of the manufacturer performing configuration for the customer. This opens an additional attack vector that hasn’t always existed for other software and hardware, and it holds true for consumers, small businesses, and enterprises still today. Is it possible that the PRC is paying the same tech-squad installer you are? While we have no evidence of this today, threat actors, especially nation-state-sponsored groups, are known to go to extra lengths to gain the access needed to compromise or affect the global economy. Vulnerabilities like the ones reported in our releases would make it simple for a malicious third party to gain complete access to an organization before a device is ever installed.
Edge devices exist in every networking implementation across all industries. One vulnerability can affect the medical, oil and gas, technology, education and retail industries, and more. This makes them a high-value target for attackers and consequently a strong focus of our research team. At Trellix we face the same threats as the larger industry and our customers, meaning we too must patch in a timely manner for all discoveries. But just patching isn’t good enough. Waiting for a nation-state to discover the next big edge device zero-day and release it on social media isn’t a mitigation strategy we want to exercise. So instead, we engage in the soulful work of trying to identify the most impactful targets across all domains and industries and look for new vulnerabilities. Simply put – we hack.