4/6/2022
Dear Distributors,
On February 23, 2022 the Cybersecurity and Infrastructure Security Agency (CISA) issued an alert (AA22-054A) announcing the identification of a new malware, referred to as Cyclops Blink. This malware exploits network devices, primarily small office/home office (SOHO) routers and network attached storage (NAS) devices.
Please be reassured that McCain controllers are not susceptible to this malware and there is no need for remediation. Cyclops Blink is not using vulnerabilities of Power PC Architecture or the Linux Operating System and its components that are typically found in McCain controllers. Cyclops Blink takes advantage of a weakness of the WatchGuard firmware update process that is used to perform operating system updates to their Firewall Appliances (Fireboxes). WatchGuard products are not installed on McCain Software firmware. In general, most controllers are not directly connected to the internet, the likelihood of a malware attack on any controller is relatively low.
Even though this is not a threat to McCain controllers, we will continue to monitor cybersecurity news threads, including CISA and its counterpart the United Kingdom’s National Cyber Security Center (NCSC). We will keep you updated with relevant alerts and remediation as necessary.
Sincerely,
Matt Zinn
Product Manager - Controllers & Embedded Software
760-734-5066
mzinn@mccain-inc.com
www.mccain-inc.com