• Iot Forum
  • About us
  • Write for us
  • Contact us
  • Newsletter signup
IOT News - Internet of Things
  • IoT Forum
  • Hardware
    • Networking
  • Smart Home
  • Digital Transformation
    • All
    • Artificial Intelligence
    • Blockchain IoT
    • Enterprise IoT
    • Industrial IoT
    • Machine Learning
    • Smart City
    Morse Micro and Zetifi Announce Remote-Area Connectivity for Smart IoT Farming at #CES2024

    Morse Micro and Zetifi Announce Remote-Area Connectivity for Smart IoT Farming at #CES2024

    CES 2022 show highlights: Robo-dogs, self-sailing boat, brain tech

    CES 2022 show highlights: Robo-dogs, self-sailing boat, brain tech

    Quanergy and iCent to Showcase Advanced Electric Vehicle Charger Robot at #CES2022

    Quanergy and iCent to Showcase Advanced Electric Vehicle Charger Robot at #CES2022

    • Wearables
    • Artificial Intelligence
    • Machine Learning
    • Industrial IoT
  • Cloud
  • Security
  • 5G IoT
  • Cars
No Result
View All Result
  • IoT Forum
  • Hardware
    • Networking
  • Smart Home
  • Digital Transformation
    • All
    • Artificial Intelligence
    • Blockchain IoT
    • Enterprise IoT
    • Industrial IoT
    • Machine Learning
    • Smart City
    Morse Micro and Zetifi Announce Remote-Area Connectivity for Smart IoT Farming at #CES2024

    Morse Micro and Zetifi Announce Remote-Area Connectivity for Smart IoT Farming at #CES2024

    CES 2022 show highlights: Robo-dogs, self-sailing boat, brain tech

    CES 2022 show highlights: Robo-dogs, self-sailing boat, brain tech

    Quanergy and iCent to Showcase Advanced Electric Vehicle Charger Robot at #CES2022

    Quanergy and iCent to Showcase Advanced Electric Vehicle Charger Robot at #CES2022

    • Wearables
    • Artificial Intelligence
    • Machine Learning
    • Industrial IoT
  • Cloud
  • Security
  • 5G IoT
  • Cars
No Result
View All Result
IOT News - Internet of Things
No Result
View All Result
Home Security

ExtraHop Threat Research Team Finds One in Three IT Environments Vulnerable to Ripple20 Threat

Report from ExtraHop predicts broad exploitation of devices in a wide range of industries utilizing Treck software

IoTNews.com by IoTNews.com
September 11, 2020
in Security
0
AWS Announces General Availability of Amazon Fraud Detector
14
SHARES
81
VIEWS
Share on FBShare on TwitterShare on LinkedinReddit

SEATTLE: ExtraHop, the leader in cloud-native network detection and response, today issued a report warning of the potential impact of the Ripple20 vulnerabilities if affected software goes undetected and unpatched. Analyzing data across its customer base, ExtraHop threat researchers found that 35% of IT environments are vulnerable to Ripple20. The Ripple20 threat is a series of 19 vulnerabilities found in the Treck networking stack, a low-level TCP/IP software library developed by Treck Inc. that is commonly used by device manufacturers across many industries, including utilities, healthcare, government, and academia. The impact of this threat “ripples” through complex software supply chains, making it a difficult vulnerability to mitigate.

The JSOF threat research organization found the Ripple20 vulnerability (CVE-2020-11901) in June 2020, and unveiled the details to impacted device manufacturers and security vendors to give them ample time to deploy patches and create detections before releasing their findings to the general public. The ExtraHop threat research team studied customer data and discovered vulnerable software in one out of every three IT environments. With industry average dwell times hovering around 56 days, these devices are a ticking time bomb if left alone. ExtraHop experts predict that this exploit will be widely used by attackers as an easy backdoor into networks across industries around the globe.

“The devices that utilize the Treck stack are far-reaching with the potential for vast exploitation,” said Jeff Costlow, CISO, ExtraHop. “A threat actor could conceivably use this vulnerability to hide malicious code in the embedded devices for an extended period of time, and traditional endpoint or perimeter security solutions like EDR or NGFW will not have visibility into this set of exploits.”

Visibility and behavioral analysis of managed and unmanaged devices, including IoT, and visibility into unusual activity from potentially exploited devices within an organization’s east-west traffic, are table stakes for a secure network. Organizations can take a number of steps to help mitigate the risk from Ripple20.

ExtraHop mitigation recommendations include:

  • Patching: Vendors utilizing the Treck Software were given early access to the threat details so they could start producing patches immediately. Unfortunately, a large number of devices have discontinued support, which has made it difficult to account for all vulnerable device makes and models.
  • Removal from Service: If a patch is unavailable for the affected device, it’s recommended that organizations consider removing devices from service entirely and replacing them with known secure devices. Removing the device will improve hygiene and compliance, critical for keeping environments secure.
  • Monitor for Scanning Activity: Before a vulnerable device can be compromised, attackers must first find it. Organizations will need to assess their own practices to understand and monitor which scans are legitimate and which could indicate malicious intent.
  • Exploit Detection: Because not all vulnerable devices may be identified and patched, it is crucial that organizations detect unusual activity resulting from a Ripple20 exploit as it occurs, such as lateral movement and privilege escalation. Network-based detection is a requirement in this case because embedded devices that use the Treck software will not support endpoint agents.
  • Isolate Vulnerable Devices: In circumstances where it is not possible to patch affected devices, it is recommended that security teams take the following steps:
    • Verify devices are not publicly accessible
    • Move devices to a network segment isolated from local subnets
    • Drop all IP-in-IP traffic destined for affected devices
    • Drop all IPv6 traffic destined for affected devices

Read full report in PDF format

JOIN OUR IoT COMMUNITY
IoTForums.com
×
Continue to iotForums.com
Internet of Things platforms, projects, development, devices & support forum
for developers and enthusiasts
Tags: cybersecurityExtraHopiot devicesiot security
Share6Tweet4Share1Share
Previous Post

Machine-learning nanosatellites to monitor global trade

Next Post

Spain to invest 600 mn euros in artificial intelligence

Related Posts

Enhanced NETGEAR Armor Helps Deliver Next-Gen Protection for Connected Devices

Enhanced NETGEAR Armor Helps Deliver Next-Gen Protection for Connected Devices

by IoTNews.com
August 11, 2021
0

NETGEAR, Inc. (NASDAQ: NTGR), the leading provider of award-winning connected products designed to simplify and improve people's lives, today announced...

30 Golden Rules for Online Security and Browsing the Internet safely

30 Golden Rules for Online Security and Browsing the Internet safely

by IoTNews.com
June 27, 2021
0

I initially developed this list to help family members browse the internet safely and secure their computers and cryptocurrency wallets....

Awake Security Advances AI-powered Security for Faster Threat Protection and Remediation

Awake Security Advances AI-powered Security for Faster Threat Protection and Remediation

by IoTNews.com
July 24, 2020
0

Awake Security, the only advanced network detection and response company that delivers answers, not alerts, today announced platform enhancements that...

IoT Forum Discussions

No items

Stay Connected with IoTNews

IOT News - Internet of Things

© 2020 IoTNews.com

Navigate Site

  • Home
  • About us
  • Write for us
  • Contact Us
  • Newsletter signup

Follow Us

No Result
View All Result
  • IoT Forum
  • Hardware
    • Networking
  • Smart Home
  • Digital Transformation
    • Wearables
    • Artificial Intelligence
    • Machine Learning
    • Industrial IoT
  • Cloud
  • Security
  • 5G IoT
  • Cars

© 2020 IoTNews.com