Yikes! The freshly-named “Ripple20” vulnerabilities have been discovered and targeted by hackers, endangering critical IoT devices belonging to major vendors in a wide range of fields including “medical, transportation, industrial control, enterprise, energy (oil/gas), telecom, retail, and commerce” (“Ripple 20”, JSOF). The vulnerabilities are in low-level TCP/IP software from Treck, Inc. Make sure you’re running top-of-the-line threat defense!
The first thing to do is make sure all devices are updated to the latest versions. For devices that can’t be patched, sometimes you will hear the suggestion of connecting them to the network only as necessary, but the hard truth is that any such device on the network is very vulnerable. To establish reliable security, you have a few options.
- The easiest to manage and most reliable option is to use virtual patch technology (such as EdgeIPS) to put a “shield” around unpatched devices
- Segment your OT network, putting devices into work group-based zones that can only interact with each other – EdgeFire is perfect for this project
- Use only the most secure methods of remote access – deny all unusual traffic, and implement deep packet inspection (also provided by EdgeIPS and EdgeFire)
More than 100 million devices stand to be affected by these vulnerabilities, many of which will enable hackers to execute code remotely. According to JSOF, “data could be stolen off of a printer, an infusion pump behavior changed, or industrial control devices could be made to malfunction”.
It’s important to remember that vulnerabilities such as these are a regular part of doing business, and hackers will find flaws in any system sooner or later. While keeping software up-to-date is one way to put a band-aid on this situation, the only way to be sure your network has sufficient defense against IIoT cyberthreats is to use technology like EdgeIPS™ and EdgeFire™ to segment your network, restrict privileges, and locate suspicious behavior as early as possible!
White Paper Release, ‘Network Segmentation: The OT Standard for Industry 4.0’
Our white paper 'Network Segmentation: the OT Standard for Industry 4.0' shares a comprehensive understanding of Network Segmentation technology, what's necessary to deploy it, and why it's essential to modern work sites.
The fourth industrial revolution brings with it a revolution in crime
New technology also creates new kinds of crime and vulnerability that must be warded off in order to maintain a successful business.
In the medical sector, unpatched and legacy systems are the weakest link
With cyber attacks on hospitals becoming much more common, it's important to pay special attention to the critical weak point in every hospital's cyber defenses: their unpatched and legacy devices.
Vulnerability CVE-2020-16226 Allows Easy Work Site Takeover
Vulnerability CVE-2020-16226, submitted by one of our own threat researchers, has a lot of potential to cause serious disruption in the hands of an intruder. Now's a great time to check over your ICS defenses.
The most up-to-date virus signatures are crucial to threat defense
TXOne Networks' threat researchers stay totally focused on creating in-depth vulnerability knowledge so they can identify signatures as soon as threats emerge.
Around-the-clock research keeps our solutions as resilient as possible
Threat specialists at TXOne Networks are foundational for our solutions' cutting-edge resilience as well as our ability to quickly come to grips with newly-discovered cyber threats.
Sharp Rise in Attacks on Healthcare Centers
The wave of attacks on hospitals predicted by INTERPOL for this year has now gone into full swing: recent weeks have been marked by another uptick in cyber-attacks affecting the medical sector, both in frequency and severity.
Windows XP source code leaks, significantly increasing risk of operation
With the leak of Windows XP's source code, the discovery of new vulnerabilities will now be faster and easier than ever.
With Zerologon, attackers can take over your network in about 3 seconds
Through the recently-emerged critical vulnerability, Zerologon (CVE-2020-1472), attackers can impersonate the identity of any computer on a network, bypassing authentication and tricking the domain controller or domain PCs into rapidly escalating their privileges.
Best Practices for Pharmaceutical Manufacturers with Trend Micro Portable Security 3
Learn about why half of the world's top 10 pharmaceutical companies choose TMPS3 to be a lynchpin of their cybersecurity routines, and just how they do that.
HITCON 2020: TXOne Networks’ CEO, Dr. Terence Liu, speaks about the current landscape for industrial cybersecurity
Our CEO, Dr. Terence Liu, delivered the keynote for HITCON 2020, Industrial Cybersecurity Landscape in 2020: Trends, Challenges, and Opportunities. Dr. Liu explains how the modern digital transformation is affecting ICS security, and how COVID-19 has changed the nature of work, creating new vulnerabilities.
EdgeIPS Pro: The world’s first intent-based industrial IPS array
TXOne Networks has perfected a new solution to the cybersecurity dilemmas of the IT-OT convergence – the first-of-its-kind intent-based industrial IPS array, EdgeIPS Pro. EdgeIPS Pro turns segmenting, monitoring, and threat prevention for large-scale production lines into a smooth and easily-organized routine.
Ricky Chen: Developing Cybersecurity for Healthcare
TXOne Networks' Business Development Director, Ricky Chen, gave a talk on Tuesday, Sept. 1, about cybersecurity for the healthcare sector. Read about the biggest threats the medical industry is facing, and how to protect against them.
3 ways to harden your ICS network
Though the specialized nature of factory equipment can make it difficult to harden, having multiple solutions for different parts of your ICS network or different kinds of systems makes the process much more manageable! Here are three strategies for hardening your network.
Put a shield around your legacy systems and unpatched devices
Legacy and unpatched systems are the most vulnerable to malware, and while a total update is out of the question due to cost or warranty limitations, don’t fear – we have a solution for you: virtual patching.
4 ways to reduce OT network attack surfaces
Attack surfaces are rapidly multiplying in our current technological environment. Through knowledge and application of these 4 methods, you can ensure that you minimize attack surfaces and have a good general knowledge of where they're likely to form.
Light up your shadow OT with micro-segmentation
Deploy micro-segmentation to conveniently and elegantly limit privileges and access strictly on the basis of need.
To keep your factory running, choose protection tailored for your ICS protocols
C-More HMI Vulnerabilities, July 2020: Solutions
Check here to find IPS rules to prevent exploitation of the vulnerabilities recently discovered in C-More HMIs as of July 2020.
High risk vulnerability discovered in C-More HMIs
C-More human machine interfaces (HMIs) are extremely common in the ICS industry, and are used in a variety of critical infrastructure sectors, including manufacturing, waste water treatment, oil & gas, and smart power grids. TXOne Networks’ research team recently discovered that these HMIs are vulnerable to several kinds of severe cyber attack.
Are your endpoints protected against attacks targeting ICS?
Hackers are mastering the protocols of ICS systems and creating attacks specialized to take down ICS. Endpoints without modernized security systems are a major liability.
TXOne unveils its one-of-a-kind live IoT/ICS Threat Atlas
Our threat-hunting systems inspect malicious traffic that our sensors detect, and categorize it by signature, which is then output on the Threat Atlas with information about what the most common attacks are at this time.
Stop ransomware attacks from spreading with network segmentation
Network segmentation: by creating smaller secured areas, or “segments”, within your perimeter firewall, you give the sensitive areas of your network additional protection and ease of management.
Beyond the attack event from Taiwan GSN
Microsoft published a news story on April 16th, 2020, describing its work with Taiwan’s Ministry of Justice Investigation Bureau (MJIB) to shut down a major IoT-based cyberthreat: a botnet operating within Taiwan’s Government Service Network (GSN).
MQTT Series #2: Potential risks of exposed MQTT brokers
There are over 47,000 exposed MQTT (Message Queuing Telemetry Transport) brokers which can be connected to without authentication. Sniffing the contents of their messages is easy. Learn more about risks of exposed MQTT brokers and how to mitigate exposure.
MQTT Series #1: Usage of MQTT in Our IoT & IIoT world
Message Queuing Telemetry Transport, or MQTT, is a lightweight publish-subscribe-based message transport protocol. It’s ideal for use in machine to machine (M2M) and Internet of Things (IoT) contexts. MQTT is getting more popular as the world of IoT and IIoT (Industrial IoT) expands. Read this article to learn more about MQTT brokers and applications.