{"id":14503,"date":"2022-02-23T17:23:39","date_gmt":"2022-02-23T16:23:39","guid":{"rendered":"https:\/\/www.boc.de\/watchguard-info-portal\/?p=14503"},"modified":"2022-02-24T12:23:41","modified_gmt":"2022-02-24T11:23:41","slug":"important-security-alert-for-all-watchguard-firebox-owners-english","status":"publish","type":"post","link":"https:\/\/wordpress.boc.de\/watchguard-info-portal\/2022\/02\/important-security-alert-for-all-watchguard-firebox-owners-english\/","title":{"rendered":"IMPORTANT SECURITY ALERT for all WatchGuard Firebox Owners (English)"},"content":{"rendered":"<p>The German translation is available <a href=\"https:\/\/www.boc.de\/watchguard-info-portal\/2022\/02\/wichtiger-sicherheitshinweis-fuer-alle-watchguard-firebox-betreiber\/\">&gt;&gt;here<\/a><\/p>\n<p><strong>You can create a support request via our ticket system: <a href=\"https:\/\/www.boc.de\/watchguard-info-portal\/supportinfos\/boc-supportticket-cyclops-blink\/\" target=\"_blank\" rel=\"noopener noreferrer\">&gt;&gt; Support Ticket Cyclops Blink Botnet<\/a>.<\/strong><\/p>\n<p>Working closely with the FBI, CISA, DOJ, and UK NCSC<sup>1<\/sup>, WatchGuard has investigated and developed a remediation for Cyclops Blink, a sophisticated state-sponsored botnet, that may have affected a limited number (estimated at ~1%) of WatchGuard firewall appliances. WatchGuard customers and partners can eliminate the potential threat posed by malicious activity from the botnet by immediately enacting WatchGuard\u2019s 4-Step Cyclops Blink Diagnosis and Remediation Plan. 
It is critical for all customers, whether infected or not, to upgrade the appliance to the latest version of Fireware OS.<\/p>\n<p><!--more--><\/p>\n<h3>Scope of Potential Impact:<\/h3>\n<p>Based on our own investigation, an investigation conducted jointly with Mandiant, and information provided by the FBI, WatchGuard has concluded the following:<\/p>\n<ul>\n<li>Based on current estimates, Cyclops Blink may have affected approximately 1% of active WatchGuard firewall appliances; no other WatchGuard products are affected.<\/li>\n<li>Firewall appliances are not at risk if they were never configured to allow unrestricted management access from the internet. Restricted management access is the default setting for all WatchGuard\u2019s physical firewall appliances.<\/li>\n<li>There is no evidence of data exfiltration from WatchGuard or its customers.<\/li>\n<li>WatchGuard\u2019s own network has not been affected or breached.<\/li>\n<\/ul>\n<h3>Detecting, Remediating, and Preventing Cyclops Blink Infection:<\/h3>\n<p>WatchGuard, supported by the FBI, CISA, NSA<sup>2<\/sup>, and the UK NCSC, recommends that all customers immediately enact the 4-Step Cyclops Blink Diagnosis and Remediation Plan available\u00a0<a href=\"https:\/\/techsearch.watchguard.com\/KB?type=Article&amp;SFDCID=kA16S000000SNyiSAG&amp;lang=en_US\">here<\/a>. 
The plan outlines simple and easy-to-use Cyclops Blink detection options in WatchGuard System Manager, WatchGuard Cloud, and a new Web Detector tool.<\/p>\n<p>Remediation steps are only necessary if you have an infected appliance; however, the future protection steps are applicable to\u00a0<em>all<\/em>\u00a0customers.<\/p>\n<p><strong>Visit\u00a0<\/strong><a href=\"https:\/\/detection.watchguard.com\/\" target=\"_blank\" rel=\"noopener noreferrer\">detection.watchguard.com<\/a><strong>\u00a0to review and enact the 4-Step Cyclops Blink Diagnosis and Remediation Plan now.<\/strong><\/p>\n<p>Please see the\u00a0<a href=\"https:\/\/www.ncsc.gov.uk\/news\/joint-advisory-shows-new-sandworm-malware-cyclops-blink-replaces-vpnfilter\" target=\"_blank\" rel=\"noopener noreferrer\">joint government advisory<\/a>\u00a0issued by the FBI, CISA, NSA, and the UK NCSC.<\/p>\n<p>Our\u00a0<a href=\"https:\/\/www.watchguard.com\/wgrd-news\/blog\/important-detection-and-remediation-actions-cyclops-blink-state-sponsored-botnet\" target=\"_blank\" rel=\"noopener noreferrer\">corporate blog post<\/a>\u00a0includes additional information and updates about the botnet.<\/p>\n<h3>New releases are now available to support the prevention step<\/h3>\n<p>WatchGuard System Manager 12.7.2 update 2 is available to support all appliances and includes the detection tool that can be run against multiple appliances.<\/p>\n<p>Fireware\u00a012.7.2 Update 2 (<a href=\"https:\/\/www.watchguard.com\/support\/release-notes\/fireware\/12\/en-US\/EN_ReleaseNotes_Fireware_12_7_2\/index.html\" target=\"_blank\" rel=\"noopener noreferrer\">Release Notes<\/a>) is available for:<\/p>\n<ul>\n<li>T Series: T20, T40, T55, T70, and T80<\/li>\n<li>M Series: M270, M290, M370, M390, M400, M440, M470, M500, M570, M590, M670, M690, M4600, M5600, M4800, and M5800<\/li>\n<li>FireboxV and Firebox Cloud<\/li>\n<\/ul>\n<p>Fireware 12.5.9 Update 2 (<a 
href=\"https:\/\/www.watchguard.com\/support\/release-notes\/fireware\/12\/en-US\/EN_ReleaseNotes_Fireware_12_5_9\/index.html\" target=\"_blank\" rel=\"noopener noreferrer\">Release Notes<\/a>) for:<\/p>\n<ul>\n<li>Firebox T10, T15, T30, T35, T50,\u00a0M200, M300<\/li>\n<\/ul>\n<p>Fireware 12.1.3\u00a0Update 8 (<a href=\"https:\/\/www.watchguard.com\/support\/release-notes\/fireware\/12\/en-US\/EN_ReleaseNotes_Fireware_12_1_3_U7\/index.html\" target=\"_blank\" rel=\"noopener noreferrer\">Release Notes<\/a>) for:<\/p>\n<ul>\n<li>XTMv, 850, 860, 870, 1520, 1525, 2520<\/li>\n<li>XTM 25, 26, 33, 330, 515, 525, 535, 545, 810, 820, 830, 1050, 2050 \u2013 Given the criticality of the issue, WatchGuard has also released a build for appliances that are now past End of Life. Customers still running these appliances may upgrade to this build with an expired support license.<\/li>\n<\/ul>\n<h3>How to upgrade<\/h3>\n<p>The easiest approach is to use WatchGuard Cloud to schedule upgrades for one or many systems, even for systems managed in WSM. Admins may also download the applicable packages from\u00a0<a href=\"https:\/\/software.watchguard.com\/SoftwareHome\" target=\"_blank\" rel=\"noopener noreferrer\">the WatchGuard Software Download Center<\/a>.<\/p>\n<p>As always,\u00a0<a href=\"https:\/\/www.watchguard.com\/de\/wgrd-support\/contact-support\" target=\"_blank\" rel=\"noopener noreferrer\">WatchGuard Support<\/a>\u00a0is available 24\/7 to support customers and partners as they implement these fixes.<\/p>\n<p><sup>1<\/sup>\u00a0Federal Bureau of Investigation, Cybersecurity and Infrastructure Security Agency, Department of Justice, and UK National Cyber Security Centre.<br \/>\n<sup>2<\/sup>\u00a0National Security Agency<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The German translation is available &gt;&gt;here. You can create a support request via our ticket system: &gt;&gt; Support Ticket Cyclops Blink Botnet. 
Working closely with the FBI, CISA, DOJ, and UK NCSC1, WatchGuard has investigated and developed a remediation for Cyclops Blink, a sophisticated state-sponsored botnet, that may have affected a limited number (estimated at ~1%) of WatchGuard firewall appliances. WatchGuard customers and partners can eliminate the potential &hellip; <a href=\"https:\/\/wordpress.boc.de\/watchguard-info-portal\/2022\/02\/important-security-alert-for-all-watchguard-firebox-owners-english\/\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">IMPORTANT SECURITY ALERT for all WatchGuard Firebox Owners (English)<\/span> <span class=\"meta-nav\">&raquo;<\/span><\/a><\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[445],"tags":[828,626,827,826,137],"class_list":["post-14503","post","type-post","status-publish","format-standard","hentry","category-aktuelle-nachrichten","tag-botnet","tag-cyber-security","tag-cyclop-blink","tag-security-alert","tag-update"],"_links":{"self":[{"href":"https:\/\/wordpress.boc.de\/watchguard-info-portal\/wp-json\/wp\/v2\/posts\/14503"}],"collection":[{"href":"https:\/\/wordpress.boc.de\/watchguard-info-portal\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wordpress.boc.de\/watchguard-info-portal\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wordpress.boc.de\/watchguard-info-portal\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/wordpress.boc.de\/watchguard-info-portal\/wp-json\/wp\/v2\/comments?post=14503"}],"version-history":[{"count":13,"href":"https:\/\/wordpress.boc.de\/watchguard-info-portal\/wp-json\/wp\/v2\/posts\/14503\/revisions"}],"predecessor-version":[{"id":14697,"href":"https:\/\/wordpress.boc.de\/watchguard-info-portal\/wp-json\/wp\/v2\/posts\/14503\/revisions\/14697"}],"wp:attachment":[{"href":"https:\/\/wordpress.boc.de\/w
atchguard-info-portal\/wp-json\/wp\/v2\/media?parent=14503"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wordpress.boc.de\/watchguard-info-portal\/wp-json\/wp\/v2\/categories?post=14503"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wordpress.boc.de\/watchguard-info-portal\/wp-json\/wp\/v2\/tags?post=14503"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}