#Infosec Alert: What the Shadow Broker 0-Day BenignCertain Means to You

Cisco PIX firewalls named along with other top-tier security devices in BenignCertain exploit from Shadow Brokers

Written by: Elliott Abraham, Senior Security Consultant at ADAPTURE

The central tenets of every information security program are intended to protect the Confidentiality, Integrity and Availability (CIA) of vital network resources. End users often entrust this critical responsibility to service providers, manufacturers, and those whom they have assigned the responsibility within their organizations. It goes without saying that most who have been entrusted with this responsibility, when given a choice, will choose technologies that will accomplish the task of protecting CIA firstly; they will not choose a solution that could cost them their jobs or reputation. We have all heard some form of the IT adage, “You will never get fired for buying (fill in the blank).” One company that often fills that blank has found itself at the center of an alarmingly important story: Cisco.

What is BenignCertain?

As recently reported on several reputable security publications, a 0-Day exploit by a group calling themselves “Shadow Brokers” was released, which purported to show how the NSA could compromise the confidentiality of Cisco PIX firewalls and decrypt VPNs. The exploit is code named BenignCertain. What does this exploit and other revelations mean to you and your network? Read on as we explore more about the group responsible, the exploit, and what you can do to protect your networks and find out if you are at risk.

What is Being Compromised?

VPNs, or Virtual Private Networks, are a method companies use to “securely” connect disparate networks via networking devices, often firewalls that create an encrypted tunnel. All communications via the VPN tunnel are encrypted and secured. This VPN technology has revolutionized the networking industry by enabling companies to establish connections over geographically dispersed areas using the untrusted internet, much in the same way costly point-to-point circuits were used in days gone by. The security of these VPN tunnels is often the strength of the encryption keys and the reliability of the security association negotiated by the disparate systems. Recently released documents by the Shadow Broker group reveal that for over a decade, the NSA had the ability to decrypt these tunnels and essentially snoop on the traffic that many thought was totally secure and impenetrable. The fact that Cisco PIX firewalls are at the heart of this story belies the fact that Cisco was not the only company vulnerable. In fact, there were many others vulnerable to this same type of exploit.

Am I Vulnerable?

Confidentiality and Integrity, the two main tenets of the Infosec Triad, have essentially been destroyed for networks protected by these affected firewalls. As a Senior Security Consultant at ADAPTURE, I realize that this is a very serious matter. I advise all of our clients to contact us to schedule a complimentary assessment to determine if your organization is vulnerable.