ExtraHop Threat Research Team Finds One in Three IT Environments Vulnerable to Ripple20 Threat

Report from ExtraHop predicts broad exploitation of devices in a wide range of industries utilizing Treck software

by IoTNews.com
September 11, 2020, in Security

SEATTLE: ExtraHop, the leader in cloud-native network detection and response, today issued a report warning of the potential impact of the Ripple20 vulnerabilities if affected software goes undetected and unpatched. Analyzing data across its customer base, ExtraHop threat researchers found that 35% of IT environments are vulnerable to Ripple20. The Ripple20 threat is a series of 19 vulnerabilities found in the Treck networking stack, a low-level TCP/IP software library developed by Treck Inc. that is commonly used by device manufacturers across many industries, including utilities, healthcare, government, and academia. The impact of this threat “ripples” through complex software supply chains, making it a difficult vulnerability to mitigate.

The JSOF threat research organization found the Ripple20 vulnerability (CVE-2020-11901) in June 2020, and disclosed the details to impacted device manufacturers and security vendors to give them ample time to deploy patches and create detections before releasing their findings to the general public. The ExtraHop threat research team studied customer data and discovered vulnerable software in one out of every three IT environments. With industry average dwell times hovering around 56 days, these devices are a ticking time bomb if left alone. ExtraHop experts predict that this exploit will be widely used by attackers as an easy backdoor into networks across industries around the globe.

“The devices that utilize the Treck stack are far-reaching with the potential for vast exploitation,” said Jeff Costlow, CISO, ExtraHop. “A threat actor could conceivably use this vulnerability to hide malicious code in the embedded devices for an extended period of time, and traditional endpoint or perimeter security solutions like EDR or NGFW will not have visibility into this set of exploits.”

Visibility and behavioral analysis of managed and unmanaged devices, including IoT, and visibility into unusual activity from potentially exploited devices within an organization’s east-west traffic, are table stakes for a secure network. Organizations can take a number of steps to help mitigate the risk from Ripple20.

ExtraHop mitigation recommendations include:

  • Patching: Vendors utilizing the Treck software were given early access to the threat details so they could start producing patches immediately. Unfortunately, a large number of devices are no longer supported, which has made it difficult to account for all vulnerable device makes and models.
  • Removal from Service: If a patch is unavailable for the affected device, it’s recommended that organizations consider removing devices from service entirely and replacing them with known secure devices. Removing the device will improve hygiene and compliance, critical for keeping environments secure.
  • Monitor for Scanning Activity: Before a vulnerable device can be compromised, attackers must first find it. Organizations will need to assess their own practices to understand and monitor which scans are legitimate and which could indicate malicious intent.
  • Exploit Detection: Because not all vulnerable devices may be identified and patched, it is crucial that organizations detect unusual activity resulting from a Ripple20 exploit as it occurs, such as lateral movement and privilege escalation. Network-based detection is a requirement in this case because embedded devices that use the Treck software will not support endpoint agents.
  • Isolate Vulnerable Devices: In circumstances where it is not possible to patch affected devices, it is recommended that security teams take the following steps:
    • Verify devices are not publicly accessible
    • Move devices to a network segment isolated from local subnets
    • Drop all IP-in-IP traffic destined for affected devices
    • Drop all IPv6 traffic destined for affected devices
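
To audit whether the last two isolation rules are holding, a captured packet can be checked against them. The sketch below is an added example, not ExtraHop's or Treck's code: it parses raw IP headers and reports which packets bound for an affected device should have been dropped. The device addresses, the `verdict` function and the sample builders are hypothetical, and treating protocol 41 (IPv6 encapsulated in IPv4) as IPv6 traffic is an assumption beyond the list above.

```python
import ipaddress
import struct

# Constructed inventory of unpatched devices (documentation address ranges).
AFFECTED = {ipaddress.ip_address(a) for a in ("192.0.2.10", "2001:db8::10")}
IPPROTO_IPIP = 4   # IPv4 encapsulated in IPv4 (IP-in-IP, RFC 2003)
IPPROTO_IPV6 = 41  # IPv6 encapsulated in IPv4 (assumption: counts as IPv6)


def verdict(packet: bytes) -> str:
    """Return 'drop:<reason>', 'pass' or 'malformed' for one raw IP packet."""
    if not packet:
        return "malformed"
    version = packet[0] >> 4
    if version == 6:
        if len(packet) < 40:  # fixed IPv6 header is 40 bytes
            return "malformed"
        dst = ipaddress.IPv6Address(packet[24:40])
        return "drop:ipv6" if dst in AFFECTED else "pass"
    if version != 4 or len(packet) < 20:
        return "malformed"
    ihl = (packet[0] & 0x0F) * 4  # header length in bytes
    if ihl < 20 or len(packet) < ihl:
        return "malformed"
    dst = ipaddress.IPv4Address(packet[16:20])
    if dst not in AFFECTED:
        return "pass"
    if packet[9] == IPPROTO_IPIP:
        return "drop:ip-in-ip"
    if packet[9] == IPPROTO_IPV6:
        return "drop:ipv6-in-ipv4"
    return "pass"


def ipv4(dst: str, proto: int, payload: bytes = b"") -> bytes:
    """Build a minimal IPv4 packet (checksum left at 0) as sample input."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, ipaddress.ip_address("198.51.100.7").packed,
                       ipaddress.ip_address(dst).packed) + payload


def ipv6(dst: str, next_header: int = 17) -> bytes:
    """Build a bare 40-byte IPv6 header as sample input."""
    return struct.pack("!IHBB16s16s", 6 << 28, 0, next_header, 64,
                       ipaddress.ip_address("2001:db8::7").packed,
                       ipaddress.ip_address(dst).packed)
```

Any `drop:` verdict for a packet seen on the device's own segment means the upstream filter is not enforcing the isolation steps.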

Tags: cybersecurity, ExtraHop, iot devices, iot security