Yikes! The freshly-named “Ripple20” vulnerabilities have been discovered and targeted by hackers, endangering critical IoT devices belonging to major vendors in a wide range of fields including “medical, transportation, industrial control, enterprise, energy (oil/gas), telecom, retail, and commerce” (“Ripple 20”, JSOF). The vulnerabilities are in low-level TCP/IP software from Treck, Inc. Make sure you’re running top-of-the-line threat defense!
The first thing to do is make sure all devices are updated to the latest firmware and software versions. For devices that can’t be patched, you will sometimes hear the suggestion to connect them to the network only when necessary, but the hard truth is that any such device on the network remains highly vulnerable for as long as it is connected. To establish reliable security, you have a few options.
- The easiest to manage and most reliable option is to use virtual patch technology (such as EdgeIPS) to put a “shield” around unpatched devices
- Segment your OT network into work group-based zones whose devices can only interact with each other – EdgeFire is perfect for this project
- Use only the most secure methods of remote access – deny all traffic that is not expected for the zone, and implement deep packet inspection (also provided by EdgeIPS and EdgeFire)
More than 100 million devices stand to be affected by these vulnerabilities, many of which enable hackers to execute code remotely on the device. According to JSOF, “data could be stolen off of a printer, an infusion pump behavior changed, or industrial control devices could be made to malfunction”.
It’s important to remember that vulnerabilities such as these are a regular part of doing business, and hackers will find flaws in any system sooner or later. While keeping software up-to-date is one way to put a band-aid on this situation, the only way to be sure your network has sufficient defense against IIoT cyberthreats is to use technology like EdgeIPS™ and EdgeFire™ to segment your network, restrict privileges, and locate suspicious behavior as early as possible!
TXOne unveils its one-of-a-kind IoT/ICS Threat Atlas
Our threat-hunting systems inspect the malicious traffic that our sensors detect and categorize it by signature. The results are published on the Threat Atlas, together with information about which attacks are currently the most common.
Stop ransomware attacks from spreading with network segmentation
Network segmentation: by creating smaller secured areas, or “segments”, within your perimeter firewall, you give the sensitive areas of your network additional protection and ease of management.
Beyond the attack event from Taiwan GSN
Microsoft published a news story on April 16th, 2020, describing how it worked with Taiwan’s Ministry of Justice Investigation Bureau (MJIB) to shut down a major IoT-based cyberthreat: a botnet operating within Taiwan’s Government Service Network (GSN).
MQTT Series #2: Potential risks of exposed MQTT brokers
There are over 47,000 exposed MQTT (Message Queuing Telemetry Transport) brokers that can be connected to without authentication, and sniffing the contents of their messages is easy. Learn more about the risks of exposed MQTT brokers and how to mitigate exposure.
MQTT Series #1: Usage of MQTT in Our IoT & IIoT world
Message Queuing Telemetry Transport, or MQTT, is a lightweight publish-subscribe message transport protocol. It’s ideal for use in machine-to-machine (M2M) and Internet of Things (IoT) contexts, and it is becoming more popular as the world of IoT and IIoT (Industrial IoT) expands. Read this article to learn more about MQTT brokers and applications.