Censys has recently analyzed the attack surfaces of over 50 Federal Civilian Executive Branch (FCEB) organizations and sub-organizations. In the course of their investigation, the researchers detected several hundred devices that were publicly exposed and are yet to be secured according to CISA’s latest Binding Operational Directive (BOD).
Let’s talk numbers
Over 13,000 unique hosts were identified across 100+ autonomous systems associated with the entities.
- Nearly 250 instances of web interfaces for hosts exposing network appliances were found, with remote protocols such as SSH and TELNET in use.
- More than 15 instances of exposed remote access protocols (FTP, SMB, NetBIOS, SNMP) were discovered on FCEB-related hosts.
- More than 10 hosts had exposed directory listings, posing a risk of data leakage.
- Approximately 150 instances of servers running end-of-life software (Microsoft IIS, OpenSSL, Exim) were detected, increasing the attack surface due to the lack of security updates.
Moreover, software programs such as MOVEit Transfer, GoAnywhere MFT, and SolarWinds Serv-U managed file transfer were hosted across exposed servers.
The BOD necessitates
- All internet-exposed management interfaces on the networks of U.S. federal agencies must be secured within 14 days of detection, in accordance with the CISA's BOD 23-02.
- The agency has further announced its intention to conduct scans targeting devices and interfaces falling under the directive's scope. It will subsequently inform the respective agencies about its findings.
- To facilitate the remediation process, the CISA is prepared to offer technical expertise to federal agencies upon request. This support will involve conducting comprehensive assessments of specific devices and providing guidance on implementing robust security measures.
By adopting this proactive approach, the CISA aims to bolster the overall cybersecurity posture of federal agencies and enhance the protection of critical infrastructure.
The bottom line
Although the mandate specifically targets FCEB organizations, it is strongly advised that organizations of all sizes proactively undertake measures to identify and strengthen similar interfaces within their networks. These interfaces often present attractive opportunities for threat actors and, therefore, warrant increased attention and security measures.
Publisher
/https://cyware-ent.s3.amazonaws.com/image_bank/2b1d_shutterstock_2292513295_1.jpg)
/https://cyware-ent.s3.amazonaws.com/image_bank/0ca8_shutterstock_1826416553.jpg)
