Hundreds of US government devices are breaking new rules on security

News
By Sead Fadilpašić
published

CISA security directive sees federal firms having 14 days to comply

malware
(Image credit: Elchinator from Pixabay)

Cybersecurity researchers from Censys has found hundreds of computer endpoints belonging to various Federal Civilian Executive Branch (FCEB) organizations are breaking CISA’s rules on security. 

As such, they represent a huge risk and could be targeted with malware, ransomware, data exfiltration, identity theft, and various other forms of cybercrime.

The Cybersecurity and Infrastructure Security Agency (CISA) recently published the Binding Operational Directive, a new directive that discusses how Federal agencies and other departments are to safeguard employee, contractor, and user data.

Two weeks to comply 

These organizations, which count more than 50, have 14 days after being notified of the fallacy, to remedy the issues and secure their devices, it was said.

In total, more than 13,000 individual hosts are exposed to Internet access, which are distributed across more than 100 systems. Breaking the numbers down, the researchers found 1,300 Internet-exposed hosts can be accessed via IPv4.

Read more

> Second ransomware group reported exploiting GoAnywhere security flaw

> Procter & Gamble is the latest big GoAnywhere zero-day victim

> Check out the best firewalls around 

"We discovered nearly 250 instances of web interfaces for hosts exposing network appliances, many of which were running remote protocols such as SSH and TELNET," the researchers said. "Over 15 instances of exposed remote access protocols such as FTP, SMB, NetBIOS, and SNMP were also found running on FCEB-related hosts."

The researchers also found a number of servers with apps such as MOVEit, GoAnywhere MFT, and SolarWinds Serv-U, all of which are managed file transfer services that have been previously abused to steal sensitive data. Dozens of major companies were affected in recent times by these incidents. 

Roughly a dozen of hosts have exposed directory listings which could result in data leaks. Some were hosting Barracuda Email Security Gateway appliances which were also recently targeted with zero-day attacks. 

CISA said it will soon scan for vulnerable endpoints and notify the owners of the results. Furthermore, the agency will offer its IT experts to help affected organizations remedy their issues. 

 Via: BleepingComputer 

Sead Fadilpašić
Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.