Cyberoam

Mentioned 4 times across 1 podcast this week

This Week's Pulse

Cyberoam has been under the spotlight on Darknet Diaries as investigators trace a legacy of security failures following the firm's 2014 acquisition by Sophos. The discourse centers on a critical source code theft that compromised the infrastructure of the acquired firewall provider.

Host Jack Rhysider highlights the severity of the intrusion, noting, "And it was this newly acquired Cyberoam network which was the victim of this attack. Someone had gotten into Cyberoam and was looking for their source code and found it for one of their products." This theft provided a blueprint for threat actors to identify deep-seated vulnerabilities.

Providing the technical forensic perspective, Craig Jones explains the downstream impact on modern security, stating, "So Cyberoam was the company that Sophos bought, and their product became the XG Firewall. So when back in 2018, we're talking about how the threat actors had stolen the source code, you know, they were using some of that still to find additional vulnerabilities." The consensus across the show is that the integration of Cyberoam code into the XG Firewall created a lasting backdoor for attackers.

As the industry looks back, the focus remains on how the legacy of Cyberoam continues to inform our understanding of supply chain vulnerabilities. While the entity has reached its end-of-life, the forensic breadcrumbs left behind by the stolen source code remain a cautionary tale for any firm executing a high-stakes acquisition.

Where it's discussed

174: Pacific Rim

Darknet Diaries

Jack Rhysider (negative), from “Sophos and Cyberoam Security Intrusions”

A firewall provider acquired by Sophos that suffered a significant source code theft.

And it was this newly acquired Cyberoam network which was the victim of this attack. Someone had gotten into Cyberoam and was looking for their source code and found it for one of their products, which Craig and his team had to go clean up that intrusion.

Craig Jones (neutral), from “Sophos Firewall Security Breach Analysis”

A company acquired by Sophos whose source code was stolen and used to facilitate cyberattacks.

Well, it turns out that the Cyberoam code is the predecessor to the XG Firewall code. So Cyberoam was the company that Sophos bought, and their product became the XG Firewall. So when back in 2018, we're talking about how the threat actors had stolen the sourc

Jack Rhysider (neutral), from “Sophos Firewall Vulnerability Investigation”

A company acquired by Sophos whose source code was stolen and used to identify vulnerabilities in Sophos products.

As the Sophos team investigated this more, they learned that whoever did this attack had to have really in-depth knowledge of Sophos firewalls. Like, there’s no way they should have discovered this bug unless they had access to the source code, which wasn’t pu

Jack Rhysider (negative), from “The Pacific Rim Cyber Espionage Campaign”

A product line that was discontinued following a security breach and exploitation by threat actors.

Wow, so after the threat actors found an exploit in the Cyberoam product and were actively exploiting that, Sophos just decided to kill that product altogether. Now, Andrew tells us it's because it was already on its way of being killed, but I don't want to di