Yikes! The freshly-named “Ripple20” vulnerabilities have been discovered and targeted by hackers, endangering critical IoT devices belonging to major vendors in a wide range of fields including “medical, transportation, industrial control, enterprise, energy (oil/gas), telecom, retail, and commerce” (“Ripple 20”, JSOF). The vulnerabilities are in low-level TCP/IP software from Treck, Inc. Make sure you’re running top-of-the-line threat defense!
The first thing to do is make sure all devices are updated to the latest versions. For devices that can’t be patched, you will sometimes hear the suggestion to connect them to the network only as necessary, but the hard truth is that any such device on the network is very vulnerable. To establish reliable security, you have a few options:
- The easiest to manage and most reliable option is to use virtual patch technology (such as EdgeIPS) to put a “shield” around unpatched devices
- Segment your OT network, putting devices into work group-based zones that can only interact with each other – EdgeFire is perfect for this project
- Use only the most secure methods of remote access – deny all unusual traffic, and implement deep packet inspection (also provided by EdgeIPS and EdgeFire)
More than 100 million devices stand to be affected by these vulnerabilities, many of which will enable hackers to execute code remotely. According to JSOF, “data could be stolen off of a printer, an infusion pump behavior changed, or industrial control devices could be made to malfunction”.
It’s important to remember that vulnerabilities such as these are a regular part of doing business, and hackers will find flaws in any system sooner or later. While keeping software up-to-date is one way to put a band-aid on this situation, the only way to be sure your network has sufficient defense against IIoT cyberthreats is to use technology like EdgeIPS™ and EdgeFire™ to segment your network, restrict privileges, and locate suspicious behavior as early as possible!
The perimeter firewall offers little security in a post-IoT world
The firewall was developed for the internet as it existed more than two decades ago. In the modern world of IoT and handheld devices, the perimeter firewall is no longer capable of securing the work site network. In this week’s blog, learn a little about the evolution of the firewall and why every work site needs a next-generation firewall.
Protect patient outcomes and private information with Safe Lock
When patient outcomes and protected health information are on the line and the healthcare industry comes under the direct attention of APT groups, centers need straightforward and resilient defenses. For protecting fixed-use medical assets, trust list-based 4-in-1 lockdown software Safe Lock is an ideal solution.
TXOne researcher Ta-Lun Yen discovers high-severity vulnerability in Siemens’ SIMATIC HMI panels
Last week, TXOne Networks' Ta-Lun Yen discovered a vulnerability in a Siemens HMI that can be exploited by an intruder to cause serious disruption on a work site's network. Work sites running Siemens' SIMATIC HMIs can mitigate the threat by patching to the latest version.
The Zero Day Initiative is #1 for finding and documenting new ICS vulnerabilities and exposures in 2020
TXOne Networks’ Virtual Patch technology is crucial to the defense of unpatched and legacy devices, and one of the lynchpins of Virtual Patching is the support of the Zero Day Initiative (ZDI). It’s our pleasure to announce that ZDI discovered the most ICS vulnerabilities and exposures for 2020!
Video: How hackers take control of ICS and SCADA systems
Our threat researcher Mars Cheng was invited to give a talk at SINCON about how hackers take control of ICS and SCADA systems. It gives a hands-on look at hackers’ methods, as well as showing the direct hardware damage an intruder can cause to disrupt operations, before closing with the key strategies necessary to protect your work site.
TXOne Networks Solutions take the spotlight as Enterprise Security Magazine’s December cover story
It's our pleasure to share that TXOne Networks is Enterprise Security magazine's cover story for December 2020! Read about recent changes in the threat landscape, and the solutions that can prepare you to combat the new and versatile threats of this coming year.
TXOne makes Enterprise Security Magazine’s APAC top 10 enterprise security solution companies for 2020
We’re delighted to announce that TXOne Networks made Enterprise Security’s top 10 APAC companies offering enterprise security solutions for 2020!
Secure No More: The Myth of the Air Gap
It used to be that an air gap was an excellent way to safeguard sensitive assets, but the threat landscape has changed completely since then. Hardware, maintenance staff, and supply chain infection are all viable ways for cyber threats to compromise your air gap. Learn more about how these attack vectors can lead to cyber incidents inside your air gap, and what you can do to protect your air-gapped assets.
Secure Endpoints and Networks with Trust Listing
In this era of IT-OT convergence, cyber threats and malware are especially adaptive and flexible. The ideal cybersecurity solutions for countering such threats must be as straightforward and reliable as possible -- easy to deploy, and easy to adjust, providing a finely detailed level of control. One such solution is the trust list.
White Paper Release, ‘Securing Medical Devices with Trust Lists: Urgent Protection for Healthcare Centers’
With the ever-darkening shadow of cyber risk looming large over hospitals, how can we protect the fixed-use systems caregivers rely on to operate medical devices? Learn the latest cyber-defense methodology, tailored to the needs of healthcare centers, from our latest white paper.
Where does your work site fit into the 3 phases of Industry 4.0?
Knowing where your work site falls on the Industry 4.0 spectrum allows you to choose cybersecurity solutions tailored to your defensive needs.
White Paper Release, ‘Optimizing Network and Endpoint Resilience: Manufacturer Cybersecurity in the Era of Digital Transformation’
Learn about how to maximize work site defense while still ensuring operational continuity from TXOne Networks’ latest white paper, ‘Optimizing Network and Endpoint Resilience: Manufacturer Cybersecurity in the Era of Digital Transformation’.
Webinar: Strengthening Industrial Cybersecurity with Internal Segmentation
The Principal Security Architect for Trend Micro, Muthukumar Natarajan, teaches this half-hour webinar about the three different stages of adapting work sites into Industry 4.0, the common operational challenges that come with them, and other practical information that every OT stakeholder should know.
White Paper Release, ‘Network Segmentation: The OT Standard for Industry 4.0’
Our white paper 'Network Segmentation: The OT Standard for Industry 4.0' shares a comprehensive understanding of network segmentation technology, what's necessary to deploy it, and why it's essential to modern work sites.
The fourth industrial revolution brings with it a revolution in crime
New technology also creates new kinds of crime and vulnerability that must be warded off in order to maintain a successful business.
In the medical sector, unpatched and legacy systems are the weakest link
With cyber attacks on hospitals becoming much more common, it's important to pay special attention to the critical weak point in every hospital's cyber defenses: their unpatched and legacy devices.
Vulnerability CVE-2020-16226 Allows Easy Work Site Takeover
Vulnerability CVE-2020-16226, submitted by one of our own threat researchers, has a lot of potential to cause serious disruption in the hands of an intruder. Now's a great time to check over your ICS defenses.
The most up-to-date virus signatures are crucial to threat defense
TXOne Networks' threat researchers stay totally focused on creating in-depth vulnerability knowledge so they can identify signatures as soon as threats emerge.
Around-the-clock research keeps our solutions as resilient as possible
Threat specialists at TXOne Networks are foundational for our solutions' cutting-edge resilience as well as our ability to quickly come to grips with newly-discovered cyber threats.
Sharp Rise in Attacks on Healthcare Centers
The wave of attacks on hospitals predicted by INTERPOL for this year has now gone into full swing: recent weeks have been marked by another uptick in cyber-attacks affecting the medical sector, both in frequency and severity.
Windows XP source code leaks, significantly increasing risk of operation
With the leak of Windows XP's source code, the discovery of new vulnerabilities will now be faster and easier than ever.
With Zerologon, attackers can take over your network in about 3 seconds
Through the recently-emerged critical vulnerability, Zerologon (CVE-2020-1472), attackers can impersonate the identity of any computer on a network, bypassing authentication and tricking the domain controller or domain PCs into rapidly escalating their privileges.
Best Practices for Pharmaceutical Manufacturers with Trend Micro Portable Security 3
Learn about why half of the world's top 10 pharmaceutical companies choose TMPS3 to be a lynchpin of their cybersecurity routines, and just how they do that.
HITCON 2020: TXOne Networks’ CEO, Dr. Terence Liu, speaks about the current landscape for industrial cybersecurity
Our CEO, Dr. Terence Liu, delivered the keynote for HITCON 2020, Industrial Cybersecurity Landscape in 2020: Trends, Challenges, and Opportunities. Dr. Liu explains how the modern digital transformation is affecting ICS security, and how COVID-19 has changed the nature of work, creating new vulnerabilities.
EdgeIPS Pro: The world’s first intent-based industrial IPS array
TXOne Networks has perfected a new solution to the cybersecurity dilemmas of the IT-OT convergence – the first-of-its-kind intent-based industrial IPS array, EdgeIPS Pro. EdgeIPS Pro regiments segmenting, monitoring, and preventing threats from affecting large-scale production lines into a smooth and easily-organized routine.
Ricky Chen: Developing Cybersecurity for Healthcare
TXOne Networks' Business Development Director, Ricky Chen, gave a talk on Tuesday, Sept. 1, about cybersecurity for the healthcare sector. Read about the biggest threats the medical industry is facing, and how to protect against them.
3 ways to harden your ICS network
Though the specialized nature of factory equipment can make it difficult to harden, having multiple solutions for different parts of your ICS network or different kinds of systems makes the process much more manageable! Here are three strategies for hardening your network.
Put a shield around your legacy systems and unpatched devices
Legacy and unpatched systems are the most vulnerable to malware, and while a total update is out of the question due to cost or warranty limitations, don’t fear – we have a solution for you: virtual patching.
4 ways to reduce OT network attack surfaces
Attack surfaces are rapidly multiplying in our current technological environment. Through knowledge and application of these 4 methods, you can ensure that you minimize attack surfaces and have a good general knowledge of where they're likely to form.
Light up your shadow OT with micro-segmentation
Deploy micro-segmentation to conveniently and elegantly limit privileges and access strictly on the basis of need.
To keep your factory running, choose protection tailored for your ICS protocols
C-More HMI Vulnerabilities, July 2020: Solutions
Check here to find IPS rules to prevent exploitation of the vulnerabilities recently discovered in C-More HMIs as of July 2020.
High risk vulnerability discovered in C-More HMIs
C-More human machine interfaces (HMIs) are extremely common in the ICS industry, and are used in a variety of critical infrastructure sectors, including manufacturing, waste water treatment, oil & gas, and smart power grids. TXOne Networks’ research team recently discovered that these HMIs are vulnerable to several kinds of severe cyber attack.
Are your endpoints protected against attacks targeting ICS?
Hackers are mastering the protocols of ICS systems and creating attacks specialized to take down ICS. Endpoints without modernized security systems are a major liability.
TXOne unveils its one-of-a-kind live IoT/ICS Threat Atlas
Our threat-hunting systems inspect the malicious traffic that our sensors detect and categorize it by signature. The results are then output on the Threat Atlas, with information about what the most common attacks are at this time.
Stop ransomware attacks from spreading with network segmentation
Network segmentation: by creating smaller secured areas, or “segments”, within your perimeter firewall, you give the sensitive areas of your network additional protection and ease of management.
Beyond the attack event from Taiwan GSN
Microsoft published a news story on April 16th, 2020, in which they told the story of working with Taiwan’s Ministry of Justice Investigation Bureau (MJIB) to shut down a major IoT-based cyberthreat: a botnet operating within Taiwan’s Government Service Network (GSN).
MQTT Series #2: Potential risks of exposed MQTT brokers
There are over 47,000 exposed MQTT (Message Queuing Telemetry Transport) brokers which can be connected to without authentication. Sniffing the contents of their messages is easy. Learn more about the risks of exposed MQTT brokers and how to mitigate exposure.
MQTT Series #1: Usage of MQTT in Our IoT & IIoT world
Message Queuing Telemetry Transport, or MQTT, is a lightweight publish-subscribe-based message transport protocol. It’s ideal for use in machine to machine (M2M) and Internet of Things (IoT) contexts. MQTT is getting more popular as the world of IoT and IIoT (Industrial IoT) expands. Read this article to learn more about MQTT brokers and applications.