Cybersecurity Insight

Emerging Cyber Threat – Juniper ScreenOS Backdoor

19 Jan

Nobody likes eavesdroppers, ESPECIALLY when the eavesdroppers are state-sponsored hackers, quite possibly from your own government.  While officially unconfirmed, the discovery of backdoors in Juniper’s ScreenOS, correlated with what we know about some of the NSA’s digital interdiction methods, indicate that they might have been involved.  NSA involvement or not, having any sort of unknown or unauthorized remote access to your environment (and your data) is the most serious threat you could encounter.

Researchers at Juniper, during an internal code review, discovered the presence of two pieces of unauthorized code in ScreenOS, the operating system that runs on most of their firewalls.  The two pieces of code turned out to be malicious, allowing backdoor access to their authors, but via different tactics.  One backdoor allows an attacker to gain administrator access via a hardcoded master password while another allows for passive decryption of VPN traffic.

In the case of the master password exploit, administrators can easily upgrade their Juniper firewall’s operating system to the latest version (that includes the patch) and that’s it.  However, the other backdoor’s ability to decrypt VPN traffic is much more troubling and indicates the involvement of state-sponsored hackers due to its reliance on existing wiretaps.  This vulnerability would also make it possible to decrypt stored Juniper VPN communications at a later date.  Just using the patch itself, its possible to reverse engineer the vulnerability and decode any traffic that an attacker has stored.

Impact on you

– With remote access, an attacker has nearly limitless options as far as what they could do; they could steal cardholder data or other PII, deploy additional malware to carry out other tasks, or just wreak havoc

– When your business relies on the ability to securely transmit information (banking, healthcare, defense) the inability to do so can bring production to a halt.  Potentially worse than that, your reputation could be ruined following a successful decryption of VPN traffic.

How Neovera Can Help

Does your organization want to see if this is happening in your environment? Contact Neovera at (866) 636-8372 or to demonstrate how our comprehensive Cyber Security Services can help with this type of threat and others.