According to researchers, millions of unpatched IoT and OT devices threaten critical infrastructure. Read on to know more…
Operational Technology (OT) systems and Internet of Things (IoT) devices are core to the manufacturing, healthcare, and energy sectors. Recently, it has been identified that a large number of organizations using such devices may be at risk of attacks from specific sets of vulnerabilities, as they are lagging behind in applying patches.
According to researchers at Armis, around 97 percent of the OT devices affected by URGENT/11 (a group of vulnerabilities) are not patched, even though fixes are being delivered. Moreover, 80 percent of such devices impacted by the CDPwn (another group of vulnerabilities) also remain unpatched.
URGENT/11 is a set of 11 vulnerabilities affecting any connected device that runs Wind River’s VxWorks with its IPnet TCP/IP stack. Six of them are remote code execution (RCE) vulnerabilities. CDPwn is a set of five critical vulnerabilities, disclosed in February, in the Cisco Discovery Protocol (CDP), a Layer 2 protocol that network devices use to share information about themselves with their neighbors. These vulnerabilities can allow attackers to remotely take over millions of devices.
The CDPwn and URGENT/11 vulnerabilities can allow attackers to take control of Cisco network equipment, move laterally within the network, and reach mission-critical devices such as PLCs. By exploiting them, an attacker can get inside a network and conduct reconnaissance without being detected, and can go on to carry out an attack that causes financial or physical damage.
Recent Discoveries
The latest news comes as attackers continue to exploit these bugs. In recent months, several IoT and OT devices have been found vulnerable in ways that could have been exploited by a threat actor. For instance, in October, the NSA listed one of the CDPwn flaws (CVE-2020-3118) as No. 24 on its list of the Top 25 vulnerabilities that are currently being consistently scanned for, targeted, and exploited by Chinese state-sponsored hacking groups.
Recently, researchers disclosed 33 vulnerabilities (dubbed Amnesia) affecting millions of Operational Technology, IoT, and IT devices. Last month, CERT-In issued an advisory concerning the Mozi botnet, which was affecting IoT devices globally, including routers from brands such as Netgear, Huawei, and D-Link.
Mitigation
According to Ben Seri, vice president of research at Armis, organizations should patch wherever possible, but should also strive for complete visibility of their device footprint, behavioral analysis of the activity of those devices, and a capability to remediate issues or isolate compromised devices.
“You should also be able to map connections from devices throughout your network and detect anomalies in behavior that indicate suspicious or malicious behavior or communications so you can take the appropriate action,” added Seri.
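The mitigation advice above (an inventory of the device footprint, a map of which devices talk to which, and anomaly detection that feeds an isolation decision) can be sketched in a small amount of code. The following Python is an added example written for this article; it is not Armis code or a tool the article describes. The asset inventory and the two windows of flow records are constructed for the example, and the record format ("timestamp src dst dport proto") is an assumption; a real deployment would feed the same logic from a discovery tool and NetFlow or span-port captures. It learns the normal (source, destination, port) triples during a learning window, then flags connections in a later window that are either new for that source or come from a device missing from the inventory, rating them high when the destination is a PLC.

```python
"""Baseline-and-detect over OT network flows (added example, not Armis code)."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    ts: int
    src: str
    dst: str
    dport: int
    proto: str


# Constructed asset inventory: ip -> (hostname, role). Hypothetical values;
# in practice this comes from device discovery, not a hand-written table.
INVENTORY = {
    "10.0.1.10": ("hmi-01", "HMI"),
    "10.0.1.20": ("plc-01", "PLC"),
    "10.0.1.21": ("plc-02", "PLC"),
    "10.0.2.5": ("eng-ws-03", "WORKSTATION"),
    "10.0.2.50": ("switch-core", "SWITCH"),
}
CRITICAL_ROLES = {"PLC"}  # destinations whose anomalies are rated high


def parse_flows(text):
    """Parse constructed records of the form 'ts src dst dport proto'."""
    flows = []
    for line in text.strip().splitlines():
        ts, src, dst, dport, proto = line.split()
        flows.append(Flow(int(ts), src, dst, int(dport), proto))
    return flows


def build_baseline(flows):
    """Map each source to the (dst, dport) pairs seen in the learning window.

    This is the connection map Seri describes: who normally talks to whom.
    """
    baseline = defaultdict(set)
    for f in flows:
        baseline[f.src].add((f.dst, f.dport))
    return dict(baseline)


def detect(flows, baseline, inventory=INVENTORY):
    """Flag flows from unknown devices or outside a source's baseline."""
    alerts = []
    for f in flows:
        dst_role = inventory.get(f.dst, ("?", "UNKNOWN"))[1]
        severity = "high" if dst_role in CRITICAL_ROLES else "medium"
        if f.src not in inventory:
            # A device the inventory has never seen: a visibility gap first of all.
            alerts.append({"kind": "unknown-source", "severity": severity, "flow": f})
        elif (f.dst, f.dport) not in baseline.get(f.src, set()):
            # Known device, but a peer/port it never used during the learning window.
            alerts.append({"kind": "new-connection", "severity": severity, "flow": f})
    return alerts


def isolation_candidates(alerts):
    """Sources behind high-severity alerts: the devices to quarantine or review first."""
    return sorted({a["flow"].src for a in alerts if a["severity"] == "high"})


# Constructed learning window: HMI polls both PLCs on Modbus/TCP (502),
# engineering workstation reaches the HMI over RDP (3389).
LEARNING_WINDOW = """
1000 10.0.1.10 10.0.1.20 502 tcp
1001 10.0.1.10 10.0.1.21 502 tcp
1002 10.0.2.5 10.0.1.10 3389 tcp
1003 10.0.1.10 10.0.1.20 502 tcp
"""

# Constructed detection window: two expected flows, one workstation-to-PLC
# connection never seen before, one flow from an uninventoried address, and
# one new but non-critical flow (workstation to switch SSH).
DETECTION_WINDOW = """
2000 10.0.1.10 10.0.1.20 502 tcp
2001 10.0.2.5 10.0.1.20 502 tcp
2002 10.0.9.99 10.0.1.21 502 tcp
2003 10.0.2.5 10.0.1.10 3389 tcp
2004 10.0.2.5 10.0.2.50 22 tcp
"""


def run():
    baseline = build_baseline(parse_flows(LEARNING_WINDOW))
    alerts = detect(parse_flows(DETECTION_WINDOW), baseline)
    return alerts, isolation_candidates(alerts)


if __name__ == "__main__":
    alerts, candidates = run()
    for a in alerts:
        f = a["flow"]
        print(f"{a['severity']:6} {a['kind']:15} {f.src} -> {f.dst}:{f.dport}")
    print("isolation candidates:", candidates)
```

On the constructed data this raises three alerts: the workstation reaching a PLC on port 502 and the unknown 10.0.9.99 address both rate high, the workstation's SSH session to the switch rates medium, and the two high-severity sources become the isolation candidates. The learning window is the weak point of any such baseline: if a compromised device is already active while the baseline is learned, its traffic becomes "normal", so the window should be reviewed against the inventory before detection is switched on.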
Conclusion
Many IoT and OT devices have no dedicated mechanism for managing vulnerabilities. Organizations should therefore take extra precautions with such systems: improve visibility over their infrastructure, apply behavioral analysis to the activity of those devices, and develop the ability to isolate compromised devices.