Yikes! The freshly-named “Ripple20” vulnerabilities have been discovered and targeted by hackers, endangering critical IoT devices belonging to major vendors in a wide range of fields including “medical, transportation, industrial control, enterprise, energy (oil/gas), telecom, retail, and commerce” (“Ripple 20”, JSOF). The vulnerabilities are in low-level TCP/IP software from Treck, Inc. Make sure you’re running top-of-the-line threat defense!
The first thing to do is make sure all devices are updated to the latest versions. For devices that can’t be patched, sometimes you will hear the suggestion of connecting them to the network only as necessary, but the hard truth is that any such device on the network is very vulnerable. To establish reliable security, you have a few options.
- The easiest to manage and most reliable option is to use virtual patch technology (such as EdgeIPS) to put a “shield” around unpatched devices
- Segment your OT network, using network segmentation to put devices into work group-based zones that can only interact with each other – EdgeFire is perfect for this project
- Use only the most secure methods of remote access – deny all unusual traffic, and implement deep packet inspection (also provided by EdgeIPS and EdgeFire)
More than 100 million devices stand to be affected by these vulnerabilities, many of which will enable hackers to execute code remotely. According to JSOF, “data could be stolen off of a printer, an infusion pump behavior changed, or industrial control devices could be made to malfunction”.
It’s important to remember that vulnerabilities such as this are a regular part of doing business, and hackers will find flaws in any system sooner or later. While keeping software up-to-date is one way to put a band-aid on this situation, the only way to be sure your network has sufficient defense against IIoT cyberthreats is to use technology like EdgeIPS™ and EdgeFire™ to segment your network, restrict privileges, and locate suspicious behavior as early as possible!