Cybersecurity researchers from Censys have found that hundreds of computer endpoints belonging to various Federal Civilian Executive Branch (FCEB) organizations are breaking CISA’s rules on security.
As such, they represent a huge risk and could be targeted with malware, ransomware, data exfiltration, identity theft, and various other forms of cybercrime.
The Cybersecurity and Infrastructure Security Agency (CISA) recently published a new Binding Operational Directive that discusses how federal agencies and other departments are to safeguard employee, contractor, and user data.
Two weeks to comply
These organizations, which number more than 50, have 14 days after being notified of the problem to remedy the issues and secure their devices, it was said.
In total, more than 13,000 individual hosts, distributed across more than 100 systems, are exposed to the Internet. Breaking the numbers down, the researchers found that 1,300 Internet-exposed hosts can be accessed via IPv4.
“We discovered nearly 250 instances of web interfaces for hosts exposing network appliances, many of which were running remote protocols such as SSH and TELNET,” the researchers said. “Over 15 instances of exposed remote access protocols such as FTP, SMB, NetBIOS, and SNMP were also found running on FCEB-related hosts.”
The researchers also found a number of servers running apps such as MOVEit, GoAnywhere MFT, and SolarWinds Serv-U, all of which are managed file transfer services that have previously been abused to steal sensitive data. Dozens of major companies have recently been affected by these incidents.
Roughly a dozen hosts have exposed directory listings, which could result in data leaks. Some were hosting Barracuda Email Security Gateway appliances, which were also recently targeted with zero-day attacks.
CISA said it will soon scan for vulnerable endpoints and notify the owners of the results. Furthermore, the agency will offer its IT experts to help affected organizations remedy their issues.