Palo Alto Cyber Attack: What Happened & What’s Next?

As a trusted technology and cybersecurity provider, we see this alarming development as a reminder of the critical importance of rapid vulnerability management and proactive defence strategies. Recent cyber attacks on Palo Alto Networks firewalls demonstrate how quickly adversaries can weaponise disclosed vulnerabilities, underscoring the need for swift action.

What happened in the Palo Alto cyber attack?

Hackers have exploited two zero-day vulnerabilities in Palo Alto Networks firewalls, compromising over 2,000 devices worldwide. These flaws, CVE-2024-0012 and CVE-2024-9474, allow attackers to bypass authentication and escalate privileges, enabling root-level command execution.

The first vulnerability (CVE-2024-0012) was disclosed on November 8, when Palo Alto Networks advised customers to restrict firewall access due to a potential remote code execution risk; it was formally assigned its CVE identifier last week. The second vulnerability (CVE-2024-9474), disclosed on November 18, extends the attack chain, giving attackers deeper control over affected systems.

Key Observations of the Cyber Attack

  • Scope of the Attack: Shadowserver reports 2,700 vulnerable PAN-OS devices, with at least 2,000 already compromised.
  • Exploitation Techniques: Threat actors use chained exploits to bypass protections and deploy malware, often leveraging anonymous VPNs to obscure their activities.
  • Broader Risks: Palo Alto Networks’ Unit 42 threat intelligence team has expressed high confidence that the exploit chain is now publicly available, increasing the likelihood of widespread attacks.

A Pattern of Exploitation

This incident is not isolated but part of a concerning trend. Earlier this year:

  • July 2024: A vulnerability in the Expedition tool (CVE-2024-5910) allowed attackers to reset admin credentials on exposed servers.
  • Earlier in 2024: A maximum-severity firewall vulnerability (CVE-2024-3400) was actively exploited, impacting over 82,000 devices.

Mitigation and Next Steps

Palo Alto Networks strongly advises immediate action:

  • Apply Patches: Update to the latest PAN-OS versions addressing these vulnerabilities.
  • Restrict Access: Limit firewall management interfaces to trusted internal IPs only.
  • Enhance Monitoring: Implement robust monitoring to detect unauthorised access and malicious activity.
  • Review Configurations: Ensure deployment follows Palo Alto Networks’ recommended guidelines.
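The "Restrict Access" and "Enhance Monitoring" steps above can be checked with a small script. The example below is an added illustration written for this article; it is not code from Palo Alto Networks and does not parse real PAN-OS configuration exports or logs. The allow-list, the log records and the `/16` breadth threshold are constructed assumptions. It flags an allow-list that is empty or overly broad (a management interface reachable from anywhere) and lists any management logins that came from outside the trusted ranges, which is exactly the class of activity the exploitation described above relies on.

```python
"""Audit a firewall management-interface allow-list and observed admin logins.

Added example for this article; not Palo Alto Networks code. The data
formats below are constructed for illustration only.
"""
import ipaddress
from typing import Iterable, List, Tuple

# Constructed allow-list of trusted internal management ranges (hypothetical).
TRUSTED_MGMT_RANGES = ["10.20.0.0/24", "192.168.100.5/32"]

# Constructed login records: (timestamp, source IP, outcome). Not real PAN-OS output.
SAMPLE_LOGINS: List[Tuple[str, str, str]] = [
    ("2024-11-19T08:01:12Z", "10.20.0.14", "success"),
    ("2024-11-19T08:03:44Z", "198.51.100.23", "success"),
    ("2024-11-19T08:03:45Z", "198.51.100.23", "failure"),
    ("2024-11-19T09:10:02Z", "192.168.100.5", "success"),
]

# Assumed threshold: an IPv4 range wider than a /16 is treated as suspiciously broad.
BROAD_PREFIX_LIMIT = 16


def parse_allowlist(entries: Iterable[str]):
    """Turn CIDR/host strings into ip_network objects (host addresses become /32 or /128)."""
    return [ipaddress.ip_network(e, strict=False) for e in entries]


def allowlist_findings(nets) -> List[str]:
    """Describe weaknesses in the allow-list: empty, catch-all, or very broad ranges."""
    findings = []
    if not nets:
        findings.append("allow-list is empty: management interface reachable from any address")
    for n in nets:
        if n.prefixlen == 0:
            findings.append(f"{n} permits every address")
        elif n.version == 4 and n.prefixlen < BROAD_PREFIX_LIMIT:
            findings.append(f"{n} is broader than a /{BROAD_PREFIX_LIMIT}; confirm it is intentional")
    return findings


def is_trusted(ip: str, nets) -> bool:
    """True if the address falls inside any trusted range (IPv4/IPv6 mismatch is simply False)."""
    addr = ipaddress.ip_address(ip)
    return any(addr in n for n in nets)


def untrusted_logins(records, nets):
    """Return login records whose source address is outside the trusted ranges."""
    return [r for r in records if not is_trusted(r[1], nets)]


def audit(allowlist: Iterable[str], records) -> dict:
    """Combine both checks into one report suitable for a daily review."""
    nets = parse_allowlist(allowlist)
    return {
        "allowlist_findings": allowlist_findings(nets),
        "untrusted_logins": untrusted_logins(records, nets),
    }


if __name__ == "__main__":
    report = audit(TRUSTED_MGMT_RANGES, SAMPLE_LOGINS)
    for f in report["allowlist_findings"]:
        print("ALLOW-LIST:", f)
    for ts, src, outcome in report["untrusted_logins"]:
        print(f"UNTRUSTED LOGIN: {ts} from {src} ({outcome})")
```

Run against your own exported allow-list and admin-login records, any "UNTRUSTED LOGIN" line is a lead for incident response, and any "ALLOW-LIST" finding means the management interface is wider open than the vendor guidance recommends. Failed logins from untrusted sources matter as much as successful ones, since they show the interface is reachable from outside the trusted set.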

What should your business do if affected by the Palo Alto cyber attack?

This incident is a stark reminder of the speed at which threat actors can operationalise new vulnerabilities. Proactive patching, network segmentation, and vigilance are critical to reducing exposure.

As your cybersecurity partner, we are here to help you navigate these challenges and ensure your systems are protected. If your organisation uses Palo Alto Networks devices, now is the time to reassess your security measures and implement best practices to safeguard against evolving threats.

Contact Neuways for help with cybersecurity solutions

Your cybersecurity is only as strong as your weakest link – let’s work together to strengthen it. Call Neuways on 01283 753333 today to see how we can assist your business with its IT support and Cybersecurity needs.
