SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
New Zealand
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewall
#
ransomware
Search
Story image
#
Cybersecurity
#
IoT
#
IoT Security
Forescout uncovers 14 major OT vulnerabilities, impacting millions of critical infrastructure devices
Fri, 6th Aug 2021
FYI, this story is more than a year old
Author image
By Ryan Morris-Reade, Contributor
Follow us

Forescout Research Labs and JFrog Security Research have disclosed a set of 14 new vulnerabilities affecting operational technology (OT) devices.

The vulnerabilities, named INFRA:HALT, were disclosed as part of Forescout Research Lab's latest research supporting the cybersecurity industry.

The vulnerabilities affect the NicheStack TCP/IP stack, present in millions of operational technology devices used by organisations across many critical infrastructure sectors, including manufacturing, oil and gas, electricity and water.

NicheStack was first introduced two decades ago and continues to be central to the operations of many critical enterprise computer systems, making it highly susceptible to multiple forms of cybersecurity attacks. Despite the recent increase in threats, these vulnerabilities are still current, as many manufacturers haven't yet patched their systems.

When exploited, the vulnerabilities allow bad actors to take over building automation devices used to control lighting, power, security and fire systems, and programmable logic controllers used to run assembly lines, machines and robotic devices. This can significantly disrupt industrial operations and provide access to IoT devices. Once accessed, the stack becomes a vulnerable entry point to spread infectious malware across IT networks.

"INFRA:HALT has the potential to cause even more widespread disruption at a time when we already see an increased number of attacks against multiple global utility, oil and gas, healthcare and supply chain organisations," says Forescout Research Labs research manager, Daniel dos Santos.

"We urge organisations to take protective measures against INFRA:HALT, which requires limiting network exposure of critical vulnerable devices via network segmentation and patching devices as soon as vendors release patches."

Santos says that unless action is taken to adequately protect networks and the operational technology devices connected to them, it could only be a matter of time until these vulnerabilities are exploited, resulting in further hacks to critical infrastructure worldwide.

Hypothetical but plausible scenarios of what bad actors can do include:

  • Impact manufacturing by obtaining access to factory/plant networks to tamper with production lines. A recent example includes the attack on the world's largest meat supplier JBS.
  • Shut down fuel pipelines by infiltrating vulnerable IT networks and leveraging ransomware. A recent example includes the US Colonial Pipeline breach.
  • Disable safety systems in oil and gas facilities by accessing exposed OT devices to spread infectious malware. An example includes the TRITON malware attacks on industrial safety systems in the Middle East.
  • Compromise water facilities by accessing computers that control a city or country water treatment system. A recent example includes the Oldsmar water facility attack.

Related stories
RiverSafe teams up with Cribl to boost IT & data security services
Half of online traffic in 2024 generated by bots, report finds
Axis unveils hybrid cloud platform for adaptable security solutions
Cisco launches Hypershield for AI-driven security upgrade
Keeper Security launches user-friendly passphrase generator
Top stories
Fortinet recognised as Challenger in Gartner's 2024 Magic Quadrant for SSE
Coalition integrates cyber risk platform with top cloud services providers
Armis warns of major cyber-attack risk to 2024 global elections
i-PRO to support Genetec SaaS with new AI-enabled camera models
Illumio unveils AI enhancements for faster Zero Trust Segmentation adoption