A scan has revealed that more than 266,000 F5 BIG-IP instances are accessible from the internet due to the security breach disclosed earlier this week. Almost half of these devices are located in the United States, accounting for more than 142,000 IP addresses.
F5 recently released security updates, including for the exploited vulnerability in BIG-IP. The US CISA required all federal agencies to update their F5 technology before October 22.
F5 BIG-IP products are found virtually everywhere in corporate networks. They provide load balancing, firewalls, and access control for critical applications. The fact that hundreds of thousands of these systems are now publicly visible makes them attractive targets for cybercriminals.
The spread shows how widespread F5 technology is. Given that Chinese state hackers are the main suspects in the data breach, these figures carry extra weight. Source code and unknown vulnerabilities may have fallen into the wrong hands.
Global spread revealed
Internet watchdog Shadowserver is currently tracking 266,978 IP addresses with an F5 BIG-IP signature. In addition to the American systems, there are approximately 100,000 devices in Europe and Asia. Specifically for the Netherlands, this involves 3,800 exposed systems.
These figures illustrate the enormous scope of the F5 security incident that became known earlier this week. The security company reported that state hackers had accessed their BIG-IP product development environment for months.
Organizations worldwide now face the challenge of quickly patching their BIG-IP systems. With more than a quarter of a million devices online, the potential impact of any attacks is enormous. With 3,800 exposed systems, the Netherlands must also take action.