Forescout’s ‘SIERRA:21 – Living on the Edge’ Analysis of New Vulnerabilities within OT and IoT – IoT Evolution World


Forescout has been described as one of the global leaders in cybersecurity. With solutions focused on network security, risk and exposure management, and threat detection and response, Forescout tackles real-world use cases involving network access and control, network segmentation, asset inventory, ZTNA, OT and IoT security (the focus of this story), medical device security, automation, device compliance and SIEM modernization. These use cases span financial services, healthcare, energy and utilities, and education, to name a few.

“See it. Secure it. Identify, protect and ensure the compliance of every cyber asset, continuously.” That’s a big M.O. for Forescout, especially when applied to IT, OT, IoT and beyond, but here we are.

In that vein, we have a new report produced by Forescout Research’s Vedere Labs – “SIERRA:21 – Living on the Edge” – which has uncovered almost two dozen new vulnerabilities in critical infrastructure, emphasizing the need for intelligent risk mitigation going into the new year.

Specifically, 21 new vulnerabilities have been identified. These vulnerabilities affect OT and IoT routers, increasing risk exposure. Notably, the affected products are currently prevalent in multiple IoT-involved industries like healthcare/IoMT and manufacturing, fintech, power generation, government, and elsewhere.

The long-story-short of it: The report identifies more than 86,000 exposed devices across critical sectors.

Additional context: “SIERRA:21 – Living on the Edge” features research into Sierra Wireless AirLink cellular routers and some of their open-source components, such as TinyXML and OpenNDS. Sierra Wireless routers are popular; an open database of Wi-Fi networks shows 245,000 networks worldwide running Sierra Wireless for a variety of applications. For example, Sierra Wireless routers are used in police vehicles to connect to a central network management system or to stream surveillance video, in manufacturing plants for industrial asset monitoring, in healthcare facilities to provide temporary connectivity, and to manage electric vehicle (EV) charging stations. That said, the 21 new vulnerabilities have the potential to stop vital communications, which could have a noticeable effect on everyday life.

Forescout Research also discovered that:

  • The attack surface is expansive, with those aforementioned 86,000 vulnerable routers still exposed online. Less than 10% of these routers are confirmed to be patched against known previous vulnerabilities found since 2019.
  • Regions with the highest number of exposed devices include:
    • 68,605 devices in the U.S.
    • 5,580 devices in Canada
    • 3,853 devices in Australia
    • 2,329 devices in France
    • 1,001 devices in Thailand
  • Among the 21 vulnerabilities, one has critical severity (a CVSS score of 9.6), nine have high severity, and 11 have medium severity. These vulnerabilities allow attackers to steal credentials, take control of a router by injecting malicious code, persist on the device and use it as an initial access point into critical networks.
  • “Patching can’t fix everything.” Ninety percent of devices exposing a specific management interface have reached “end-of-life” status, meaning they cannot be further patched.
  • It’s an uphill battle to secure supply chain components. Open-source software elements continue to go unchecked and increase the attack surface of critical devices, leading to vulnerabilities that may be hard for organizations to track and mitigate.

“We are raising the alarm because there remain thousands of OT/IoT devices representing an increased attack surface that requires attention,” advised Elisa Costante, VP at Forescout Research – Vedere Labs. “Vulnerabilities impacting critical infrastructure are like an open window for bad actors in every community. State-sponsored actors are developing custom malware to use routers for persistence and espionage. Cybercriminals are also leveraging routers and related infrastructure for residential proxies and to recruit into botnets. Our discoveries reaffirm the need for heightened awareness of the OT/IoT edge devices that are so often neglected.”

To learn more from the “SIERRA:21 – Living on the Edge” report, read here.

Edited by Greg Tavarez