Forescout, JFrog reveal new vulnerabilities in industrial systems, showing challenges in edge network, device security
Researchers from Forescout Research Labs and JFrog Security Research have discovered new vulnerabilities in the TCP/IP stack used in a number of industrial control systems. The issues appear to affect a wide range of companies, with manufacturing and retail being the industries most affected. The latest challenge to securing edge devices and networks comes amidst a growing wave of ransomware attacks and renewed calls to secure critical infrastructure.
Researchers detailed a set of 14 security vulnerabilities, called INFRA:HALT after the name of the software. The issues affect NicheStack, a proprietary TCP/IP software stack developed originally by InterNiche Technologies. As with similar vulnerabilities, researchers said attackers can insert malicious code into software that is used on industrial networks, which could allow them to perform activities such as exfiltrating data or launching denial-of-service attacks.
One of the big challenges in gauging how widespread the problem is stems from the age of the software. This particular implementation of the TCP/IP software has been around since at least 1996, according to Forescout, and the company that commercialized it was acquired in 2016 by HCC Embedded.
Another challenge: the software was used by OEMs such as Altera (Intel), Microchip, Freescale (NXP), and STMicroelectronics with a variety of operating systems. Forescout noted that NicheStack also served as the foundation for other TCP/IP stacks, such as SEGGER’s emNet.
This can make tracking down software instances a ‘needle in the haystack’ type problem. Based on proprietary and public databases, Forescout reported finding over 6400 instances of the software running.
Securing edge devices and networks is a daunting task
The NicheStack vulnerabilities are only the latest example of security challenges facing all manner of industries. Global cyberattack activity increased 125% in the first half of 2021 compared to the same period a year ago, according to a new report from the Accenture Cyber Investigations, Forensics & Response (CIFR) team.
Ransomware attacks account for 38% of security incidents so far in 2021.
The U.S. Government recently published a memorandum detailing efforts to improve security around critical infrastructure such as pipelines, following a ransomware attack on Colonial Pipeline in May that forced the U.S. company to shut down approximately 5,500 miles of pipeline. The company later paid a $5 million ransom to the cybercriminals in order to restart operations.