Cyber security experts have uncovered as many as 19 vulnerabilities that could disrupt millions of Internet of Things (IoT) devices. The flaws are present in hundreds of millions of internet-connected devices, including power grid equipment, industrial gear, smart home devices, printers, data center devices, routers, commercial aircraft devices, and satellite communications gadgets, to name a few.
This set of vulnerabilities, known as Ripple20, was detected by an Israeli cyber security firm earlier this week. The researchers dubbed it Ripple20 because of its "ripple effect" across a wide range of industries, companies, people, and applications. The vulnerabilities affect IoT devices from some of the biggest vendors, including Intel, HP, Baxter, Rockwell Automation, Schneider Electric and Caterpillar, among others. According to the researchers, many other global vendors in the transportation, telecom, oil/gas, industrial control, medical, commerce, enterprise, and retail industries may also turn out to be vulnerable.
HP responded in a statement that it persistently monitors the security landscape and appreciates work that helps it identify new threats. Intel also responded, saying it had patched the four critical bugs through an update this month. It added that these bugs require a nonstandard configuration for devices to be impacted, and that it is not aware of any customers that use such a configuration.
The researchers say they reached out in February 2020 to every device vendor known to be affected. Following this, many of the organizations released software updates to fix the vulnerabilities. According to the researchers, it would be safe to presume that the affected devices cannot be updated, while some of the affected companies have ceased operation. It may take months or even a year more to discover the complete list of devices and companies affected by the buggy code.
Of the 19 bugs discovered by the cyber security experts, a number are critical, allowing hackers to do almost anything. According to an official statement by the experts, an attacker can basically control any device affected by the bugs. Hackers who can reach an affected device will be able to run their own commands on it and leak sensitive information. These attacks could be easily carried out over the internet if the smart devices are connected to it.
The bugs allow attackers to bypass firewalls and NAT and take control remotely, without any permission from users. These critical vulnerabilities lend themselves to both targeted attacks and botnet operators. For now, testing all internet-connected devices for Ripple20 impact and fixing these vulnerabilities should be the main goal for all companies exposed to the threat.
The best approach is to put compensating controls in place, such as network segmentation, to make it impossible for adversaries to connect to the affected devices, along with network traffic analysis (NTA) combined with security orchestration, automation and response (SOAR) to efficiently spot suspicious behavior before attackers cause havoc, steal intellectual property or affect production.
As of now, the researchers say the work of identifying all the threats is not yet done, as they believe they have only scratched the surface. According to their reports, not all Ripple20 bugs are critical, but a few can be extremely dangerous.