The start of this year has seen a handful of infrastructure-level vulnerabilities impacting cloud-native organizations, such as Log4j and Pwnkit. Continuing that trend is Dirty Pipe, a vulnerability in the Linux kernel. Dirty Pipe allows an unprivileged local user to overwrite data in arbitrary read-only files, which can lead to privilege escalation by injecting code into processes running as root.
Given that bad actors can leverage Dirty Pipe to cause damage from the infrastructure level, this can present a problem for a lot of enterprises. But with a comprehensive view of the full environment, vulnerabilities like these can be properly managed as they emerge.
The Problem with Defending Against Dirty Pipe
Many organizations that are undertaking digital transformation efforts are focused on “modernizing” their key business applications, according to F5’s State of Application Strategy Report. We’re seeing our customers increasingly investing in microservices-based infrastructure to run these applications, because they deliver strong benefits like greater agility and pace of innovation.
Consistent with this push to modernize applications, we’re also seeing more of a need for application protection. Last month, F5 addressed this with the release of the F5 Distributed Cloud WAAP, giving customers a host of tools to protect at the application layer like Bot Defense or Advanced WAF. This solution gives our customers the ability to block attacks from impacting the organization by accessing key business applications.
The trouble with vulnerabilities like Dirty Pipe (and other recent exploits such as Pwnkit or Log4j) is that simply blocking bad actors from accessing the application layer using tools like Distributed Cloud WAAP isn’t enough when the targeted attack exposes weaknesses at the infrastructure level. Applications are only as secure as the cloud-native infrastructure they run on, so to defend against an exploit like Dirty Pipe, customers need to have protection for the infrastructure itself. With the acquisition of Threat Stack, F5 is ideally positioned to offer this capability as well.
Threat Stack monitors all layers of the cloud-native infrastructure stack—from the cloud management console to hosts, containers, and orchestration—for behaviors that indicate attackers have gained access to the infrastructure. Threat Stack then provides the observability customers need to proactively and quickly take targeted action to remediate threats at this layer. Combined with F5, customers can secure their modernized applications with a comprehensive view of threats at both the application and the infrastructure levels.
How Threat Stack Helps with Dirty Pipe
For Dirty Pipe specifically, Threat Stack customers immediately benefited from Oversight, Threat Stack’s 24/7/365 Security Operations Center (SOC) monitoring and expertise. Much like with Log4j and Pwnkit, the team began looking across the entire customer base for indications of Dirty Pipe to determine how we could best support our customers.
After conducting threat hunting and researching expert third-party sources, we determined that, much like with Log4j, Threat Stack detects post-exploit activity specific to this vulnerability. Threat Stack’s out-of-the-box rules are set to observe and alert on any indicators of compromise that reflect Dirty Pipe activity within a customer’s environment.
We’re continuing to track how Dirty Pipe might impact our customers, much as we do for Log4j, Pwnkit, and others. But the larger story here is that attacks can occur solely at the infrastructure level, and to keep modernized applications secure, you need visibility into those attacks. At Threat Stack and F5, we’re committed to providing just that.