NCSC Warns of SHOE RACK Malware Targeting FortiGate Firewalls

Article Highlights
Off On

The UK’s National Cyber Security Centre (NCSC) has sounded the alarm over a formidable malware known as SHOE RACK, raising red flags across cybersecurity communities. This malware exhibits alarming capabilities that exploit network protocols to infiltrate FortiGate 100D firewalls by Fortinet, pointing to a significant threat against enterprise network securities. SHOE RACK stands out for its use of DNS-over-HTTPS (DoH) and SSH protocols, allowing it to discreetly establish persistent backdoor access on compromised systems. The NCSC’s alert underscores the urgent need for updated security measures to counter such sophisticated threats.

SHOE RACK’s Sophisticated Evasion Methodology

The Power of Reverse Shells and TCP Tunneling

SHOE RACK’s most significant asset lies in its advanced evasion techniques that facilitate deep infiltration into network systems. It functions as a reverse shell tool that not only grants remote access to attackers but also enables them to tunnel through TCP, a crucial element for bypassing network security. By relying on legitimate network protocols, SHOE RACK effectively dodges many traditional security detectors, making it a particularly elusive adversary in cybersecurity environments. The combination of DNS-over-HTTPS and SSH protocols to perpetuate network infiltration marks a turning point in the complexity of malware designs, challenging defenders to innovate alongside adversaries.

Attacks focusing on FortiGate 100D firewalls illustrate SHOE RACK’s tactical approach toward exploiting perimeter defenses, which form critical parts of corporate network environments. Developing an understanding of these tactics is essential for cybersecurity teams aiming to thwart lateral movements and potential exposures within their networks. The malware’s sophisticated use of network frameworks suggests a meticulously calculated approach to cybersecurity breaches, pointing to a continuous evolution in malware sophistication and strategy.

Compromising Network Devices for Lateral Movement

SHOE RACK effectively targets perimeter network devices, demonstrating an adept ability to exploit vulnerabilities within corporate defenses. Such focus potentially allows attackers to move laterally across internal networks, increasing their control and access over critical infrastructure elements. This malware, developed using Go 1.18, integrates elements adapted from ‘NHAS,’ a well-known reverse SSH Go implementation, enhancing its potency and adaptability across varied environments. Distributed as a UPX-packed executable, its design allows for seamless deployment and operation within compromised systems.

One of the distinct characteristics of SHOE RACK lies in its unconventional use of the SSH protocol. The malware mimics an outdated ‘SSH-1.1.3’ version during a TCP/TLS connection, a tactic that confounds conventional detection tools. Detection is further hindered by the inclusion of both standard ‘session’ and non-standard ‘jump’ channels within its structure, optimizing its ability to carry out reverse SSH tunneling. This method enables persistent access even when primary channels become unavailable, illustrating a sophisticated grasp of adaptive network breaches.

Implications of SHOE RACK on Enterprise Security

Challenges in Detection and Response

The emergence of SHOE RACK highlights the pressing challenges faced by cybersecurity teams in detecting and responding to advanced threats. Traditional detection methods often fail against such cutting-edge malware, necessitating a reevaluation of security strategies to effectively identify anomalies. The malware’s behavior to blend seamlessly into legitimate traffic poses a substantial risk, requiring enhanced analytical tools and innovative detection protocols. Such strategies must prioritize adaptive learning and real-time threat intelligence to pinpoint suspicious activities within increasingly complex network architectures.

Enterprises must reevaluate their security postures, incorporating advanced threat intelligence solutions capable of identifying subtle deviations from normal network traffic. A proactive approach combining stringent perimeter defense measures with deeper network monitoring could potentially mitigate the impacts of this sophisticated malware. As attackers continuously refine their methods, a congruent evolution in defensive capabilities remains paramount for sustaining enterprise security.

Evolving Cybersecurity Measures

With the advent of SHOE RACK, there’s an undeniable call for the cybersecurity sector to reassess existing protocols and innovate beyond traditional defenses. The malware’s ability to leverage routine processes for nefarious purposes emphasizes the necessity for dynamic security solutions capable of adapting to rapidly changing threat landscapes. Continuous awareness and meticulous adaptation to emerging threats should be incorporated into both corporate and governmental strategies to safeguard sensitive information effectively. The NCSC’s warning serves as a reminder of the constant evolution within cyber threats, pushing toward a future where vigilance and unyielding adaptation become central to cybersecurity practice.

Ensuring Future Security

The presence of SHOE RACK within the cybersecurity landscape underscores the ongoing battle between attackers and defenders. Enterprises need to adopt cutting-edge security technologies and prioritize the continuous training of cybersecurity personnel to recognize and respond to evolving threats. By fostering collaboration between public and private sectors, there is potential to develop more comprehensive solutions capable of thwarting such sophisticated attacks. Investing in research and development to innovate defensive strategies will assist in building resilient infrastructures that can withstand the evolving threat landscape.

Moving Toward a Safer Cyber Environment

The UK’s National Cyber Security Centre (NCSC) has issued a stern warning about a newly identified malware, called SHOE RACK, which is causing significant concern across cybersecurity environments. This sophisticated threat has the ability to exploit network protocols to penetrate FortiGate 100D firewalls manufactured by Fortinet, creating a substantial vulnerability within enterprise networks. What sets SHOE RACK apart is its adept use of DNS-over-HTTPS (DoH) and SSH protocols, which enable it to establish covert and persistent backdoor access on systems it has compromised. The NCSC’s alert highlights an urgent call for organizations to update their security defenses to combat such advanced threats effectively. SHOE RACK’s emergence serves as a reminder of the evolving complexities and dangers in the cybersecurity landscape, underscoring the necessity for vigilance and proactive measures to safeguard sensitive digital infrastructure against relentless cyber threats.

Explore more

Is Your Financial Data Safe From Supply Chain Cyber-Attacks?

In an era defined by digital integration, the financial industry is acutely aware of the escalating threat posed by supply chain cyber-attacks. These attacks serve as reminders of the persistent vulnerability pervading modern financial systems, particularly when interconnected networks come into play. A data breach involving a global banking titan like UBS, through the exploitation of an external supplier, exemplifies

Can AI Revolutionize Gaming Animation?

In recent years, artificial intelligence (AI) has begun to redefine the boundaries of creative industries, especially in gaming animation, a field notorious for its complexity and resource demands. The advent of generative AI platforms promises to revolutionize how games are developed by offering unprecedented efficiencies in the animation processes. Traditional methods of motion capture (mocap) have dominated this domain for

Content Marketing Trends 2025: Trust, AI, and Data Storytelling

As the digital landscape continues to evolve, content marketing is undergoing significant transformations, paving the way for innovative strategies that prioritize trust, data storytelling, and artificial intelligence. A recent study by Statista, pulling insights from a survey of more than 300 marketing professionals in the United States, reveals that brands are adapting to this dynamic environment by focusing on new

How is Digitalization Revolutionizing Small Traders in Vietnam?

In Vietnam, digitalization has emerged as a transformative force reshaping the landscape for small traders and household businesses. The introduction of Government Decree No. 70/2025/ND-CP stands at the forefront of this digital wave, mandating that businesses in specific sectors earning over 1 billion VND annually adopt e-invoices integrated with cash registers. This change aligns with national efforts to formalize and

Is Digital Innovation Revolutionizing Indonesian Retail?

Indonesia’s retail sector is experiencing a profound transformation fueled by digital innovation and technological advancements, reshaping the landscape at an unprecedented pace. This revolution is marked by the integration of artificial intelligence (AI) and the implementation of omnichannel strategies that drive growth and enhance customer experiences. Industry leaders and experts gathered at the Retail Asia Summit – Indonesia to explore