Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Forescout Research Labs. Show all posts
Remote Code Execution
Crypto Mining Forescout Research Labs IoT IT Network malware PoC Exploit Code Ransomware Attacks. Remote Code Execution

IoT and OT Impacted by Forescout Proof-of-Concept Ransomware Attack

 

Attackers will grow as defenders improve at resisting double extortion. Rather than focusing on IT, an option is to target operational technology (OT). Attacks on OT are not only harder to execute, but their consequences are also more difficult to mitigate.

Vedere Labs, a division of Forescout, has released a proof of concept (PoC) for a 'ransomware' attack that employs IoT for access, IT for traversal, and OT for detonation. Commonly known as R4IoT, it's the latest version of ransomware. R4IoT's ultimate purpose is to get an initial foothold by exploiting exposed and unprotected IoT devices like IP cameras, then installing ransomware in the IT network and using poor operational security procedures to enslave mission-critical systems. 

"It basically comes out of our observation of the shifting nature of the threat actors involved in ransomware — they've been changing strategies in the last couple of years," Daniel dos Santos, head of security research at Forescout's Vedere Labs, explained. The tipping point for thieves to start attacking such devices for ransomware assaults, according to dos Santos, "will most likely be when the IT and OT devices cross 50%." "And that'll be very soon. It will take between one and two years." 

According to the survey, Axis and Hikvision account for 77% of the IP cameras used by Forescout's 1,400 global customers. Axis cameras alone were responsible for 39% of the total. "This shows that exploiting IP camera flaws as a repeatable point of entry to a variety of businesses is a possibility," stated dos Santos in a report. 

In a neutral setting, this may mean infiltrating a corporate network system to drop ransomware and retrieve other payloads from a remote server to deploy cryptocurrency miners and perform DoS assaults against OT assets. Organizations should identify and patch vulnerable devices, enforce network segmentation, adopt strong password rules, and monitor HTTPS connections, FTP sessions, and network traffic to reduce the possibility and impact of possible R4IoT incidents.

"Ransomware has been the most frequent threat in recent years, and it has largely crippled enterprises by exploiting flaws in traditional IT equipment," the researchers noted. Dos Santos advised using the NIST Cybersecurity Framework and zero-trust architecture, as well as effective network segmentation.
Read more »
Vulnerabilities and Exploits
100 million Forescout Research Labs IoT JSOF User Security Vulnerabilities and Exploits

Research Study Shows That 100 Million IOT Devices are at Risk

 

Forescout Research Labs has disclosed a new collection of DNS vulnerabilities in collaboration with JSOF, potentially impacting over 100 million consumer devices. The seemingly simple code that underpins how computers interact with the internet has identified a shocking number of vulnerabilities for researchers. As of now, there are 9 new vulnerabilities, including Internet of Things products and IT control servers, with approximately 100 million devices worldwide. 

The newly revealed bugs are the code that implements protocol of network communication for connecting devices to the internet in four ubiquitous TCP/IP stacks. In operating systems such as the FreeBSD open-source project and Nucleus NET of the industrial control company Siemens, the vulnerabilities are all related to how the “Domain Name System” Internet phone book is carried out. 

They all encourage an attacker to destroy a computer and take it offline or get remote control access. All the vulnerabilities found by Forescout and JSOF security scientists now have patches, but this does not necessarily lead to corrections in actual devices that frequently run outdated versions of software. 

“With all these findings I know it can seem like we’re just bringing problems to the table, but we're really trying to raise awareness, work with the community, and figure out ways to address it,” says Elisa Costante, vice president of research at Forescout. She further added, “We've analyzed more than 15 TCP/IP stacks both proprietary and open source and we've found that there's no real difference in quality. But these commonalities are also helpful because we've found they have similar weak spots. When we analyze a new stack we can go and look at these same places and share those common problems with other researchers as well as developers.” 

Researchers are yet to see indications of these types of vulnerabilities being actively exploited in the wild by attackers. But the exposure is noticeable in the hundreds, perhaps billions, of devices that have potentially been affected as per several different findings.

Similar failures of Forescout and JSOF have already found themselves exposed in hundreds of millions or potentially trillions of devices in other TCP/IP proprietary and open-source stacks around the world. 

“For better or worse, these devices have code in them that people wrote 20 years ago—with the security mentality of 20 years ago,” says Ang Cui, CEO of the IoT security firm Red Balloon Security. 

Although the fixes do not proliferate in the near future, they too are available. And some other halted mitigation measures will minimize the exposure, namely by ensuring that as many devices as possible do not link to the internet directly and by using an internal DNS server. 

Forescout's Costante noted that operational behaviour would be predictable and that attempts to exploit certain defects would be easier to identify. 

Forescout has published an open-source script for network administrators in their organizations to recognize potentially insecure IoT devices and servers. 

The organization also continues to maintain an access database library of inquiries, which scientists and developers could use to quickly identify similar DNS vulnerabilities. 

“It’s a widespread problem; it’s not just a problem for a specific kind of device,” says Costante.
Read more »
Subscribe to: Posts (Atom)