
Suricata

Product
Developers: Open Information Security Foundation (OISF)
First release: 2010
Sector: Information security
Technology: IS - Firewalls

Main article: Firewall

Suricata is a free, open-source intrusion detection and prevention (IDS/IPS) engine first released in 2010 by the Open Information Security Foundation (OISF), a non-profit group.

2024: Three Vulnerabilities Discovered

Three critical vulnerabilities were found in Suricata's open-source IPS engine (CVE-2024-23836, CVE-2024-23837 and CVE-2024-23839 under the international CVE classification). In 2023 alone, more than 300 million confidential documents were leaked to the public as a result of "gaps" in protection. The report was published on February 22, 2024.

Most Russian information security products use Suricata as one of their modules. It is built into Diamond FW, Continent, Ideco, ICS server and TING, firewalls that are widely deployed in Russia, with more than ten thousand installations in the country. The discovered vulnerabilities carry a very high severity rating, and their details have not yet been disclosed in official sources (the usual practice at first, to slow the development of working exploits by attackers).

According to researchers from Ideco, the vulnerabilities can be exploited with a specially crafted web page: when the IPS engine processes it, arbitrary code is executed on the system with the privileges of the IPS process. What makes this especially dangerous is that it is perimeter firewalls that are vulnerable, so an attacker can plant a backdoor on the device and gain a foothold in the local network with nothing left to stop them. It is worth noting that backdoors are used by attackers in 21% of cybercrimes. More dangerous still, these same devices often decrypt HTTPS traffic for deeper filtering, which would let an attacker read confidential data passing through (including logins and passwords) and tamper with traffic (for example, the recipient details of a money transfer).

The situation is harder for vendors who do not ship the "pure" open-source engine (the updated upstream version of Suricata contains fixes for these vulnerabilities) but maintain their own fork, built on engine code taken at some point in the past. In that case, fixing the bugs can take much longer, while the vulnerability may remain exploitable, though sometimes through a less obvious attack vector. Those running commercial products that have not been updated may also have a problem. According to statistics, more than 75% of companies do not update software on time, which leads to serious hacking incidents.

As of February 22, 2024, none of the Russian vendors except Ideco had released patches, the company said. No ready-made exploits are known to be in attackers' hands. Configuration changes that narrow the attack surface may become available in the future.

The latest version of Suricata fixes the discovered vulnerabilities. To protect the company's confidential information as fully as possible, however, it is worth checking that every security system is running its latest version.
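As an added example (not part of the original article and not Suricata's own code), the following Python script implements the version check recommended above and also surfaces the fork problem described earlier: it parses the banner printed by `suricata -V` and compares the version against the first release of each branch assumed to carry the fixes. The minimum versions in the table (7.0.3 for the 7.x line, 6.0.16 for the 6.x line) are an assumption based on the OISF release notes and should be confirmed against the official advisory; the sample banners at the bottom are constructed.

```python
"""Check whether a Suricata build is at or past the release that shipped the
February 2024 fixes (CVE-2024-23836, CVE-2024-23837, CVE-2024-23839).

Added example, not part of the original article or of Suricata itself.
The fixed versions below are an ASSUMPTION taken from the OISF release notes
(7.0.3 for 7.x, 6.0.16 for 6.x); confirm them against the official advisory.
"""
import re
import subprocess
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# Assumed first fixed release per maintained branch (major -> version tuple).
FIXED_VERSIONS = {
    7: (7, 0, 3),
    6: (6, 0, 16),
}

# `suricata -V` prints a banner such as "This is Suricata version 7.0.2 RELEASE".
VERSION_RE = re.compile(r"Suricata version (\d+)\.(\d+)\.(\d+)")


def parse_version(banner: str) -> Optional[Version]:
    """Extract (major, minor, patch) from the -V banner; None if not found."""
    m = VERSION_RE.search(banner)
    if not m:
        return None
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_patched(version: Version) -> Optional[bool]:
    """True if the version carries the fixes, False if it predates them,
    None if the branch is not in the table: an end-of-life line, or a vendor
    fork whose numbering does not track upstream and needs a manual check."""
    fixed = FIXED_VERSIONS.get(version[0])
    if fixed is None:
        return None
    return version >= fixed  # tuple comparison: (7, 0, 2) < (7, 0, 3)


def check_installed(binary: str = "suricata") -> Tuple[str, Optional[bool]]:
    """Run `<binary> -V` on this host and classify the result.
    Returns (banner, verdict); verdict is None when the binary is missing
    or the banner cannot be parsed."""
    try:
        proc = subprocess.run([binary, "-V"], capture_output=True,
                              text=True, check=False)
    except FileNotFoundError:
        return ("", None)
    banner = proc.stdout.strip() or proc.stderr.strip()
    version = parse_version(banner)
    return (banner, None if version is None else is_patched(version))


if __name__ == "__main__":
    # Constructed sample banners standing in for real hosts.
    samples = [
        "This is Suricata version 7.0.2 RELEASE",
        "This is Suricata version 7.0.3 RELEASE",
        "This is Suricata version 6.0.15 RELEASE",
        "This is Suricata version 5.0.9 RELEASE",
        "vendor-fork 3.1 (engine build unknown)",
    ]
    for banner in samples:
        version = parse_version(banner)
        verdict = None if version is None else is_patched(version)
        print(f"{banner!r}: {verdict}")
    # Check the local install too, if one exists.
    print(check_installed())
```

A verdict of None is a prompt to ask the vendor, not a clean bill of health: a fork may report an upstream-style number while lacking the fix, or carry a backported fix under an old number. Separately, the damage a successful exploit can do is bounded by the privileges of the Suricata process, which the run-as section of suricata.yaml sets; that is what "with the privileges of the IPS process" refers to above.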