Operational Technology (OT) systems and Internet of Things (IoT) devices are core to the manufacturing, healthcare, and energy sectors. New research shows that a large number of organizations running such devices remain exposed to specific, already-fixed sets of vulnerabilities because they are lagging behind in applying patches.
According to researchers at Armis, around 97 percent of the OT devices affected by URGENT/11 (a group of vulnerabilities) are still unpatched, even though fixes have been available for some time. Likewise, 80 percent of the devices affected by CDPwn (another group of vulnerabilities) remain unpatched.
URGENT/11 is a set of 11 bugs affecting connected devices that run Wind River's VxWorks with the IPnet TCP/IP stack. Six of them are remote code execution (RCE) vulnerabilities. The location of the flaws is what makes them serious: the vulnerable code is the TCP/IP stack itself, so any device whose network interface can be reached is exposed, regardless of the application running on top.
CDPwn is a set of five critical vulnerabilities, disclosed in February, in the Cisco Discovery Protocol (CDP), a Layer 2 protocol that Cisco devices use to advertise information about themselves to directly connected neighbors. They can allow attackers to take over millions of devices. One caveat matters for defenders: CDP runs at Layer 2 and is not routed, so an attacker must already have a foothold on the same network segment as the target. The flaws are therefore most useful for spreading inside a network rather than for breaking in from the internet.
Together, the CDPwn and URGENT/11 vulnerabilities let an attacker take control of Cisco network equipment, move laterally inside the network, and reach mission-critical devices such as PLCs.
By exploiting such vulnerabilities, an attacker can get inside a network and conduct reconnaissance without being detected, and can then go on to cause financial or physical damage.
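CDP frames are a short header followed by a sequence of type-length-value (TLV) fields, which is exactly the kind of untrusted input a network-facing parser must bounds-check before trusting. The following Python parser is an added example, not Cisco's or Armis's code and not a reproduction of the CDPwn bugs; it shows the length checks a passive monitoring tool on the OT segment should apply to CDP traffic and how it flags frames that do not add up. The frames are constructed for the example, the TLV type numbers follow the CDP specification, and checksum verification is deliberately omitted (a real monitor should verify the ones-complement checksum in the header).

```python
import struct

CDP_HEADER_LEN = 4  # version (1 byte) + TTL (1 byte) + checksum (2 bytes)
TLV_HEADER_LEN = 4  # type (2 bytes) + length (2 bytes); length includes this header

# CDP TLV types as defined by the protocol. Text-valued TLVs are decoded as ASCII;
# everything else is kept as raw bytes.
TLV_NAMES = {
    0x0001: "device_id",
    0x0002: "addresses",
    0x0003: "port_id",
    0x0004: "capabilities",
    0x0005: "software_version",
    0x0006: "platform",
}
TEXT_TLVS = {0x0001, 0x0003, 0x0005, 0x0006}


class MalformedCDP(ValueError):
    """Raised for any frame whose header or TLV lengths are inconsistent."""


def parse_cdp(payload: bytes) -> dict:
    """Parse the CDP payload (everything after the LLC/SNAP header).

    Every TLV length is checked against both the minimum header size and the
    remaining bytes in the frame before any value is read, so a TLV that claims
    more data than exists is rejected rather than read past the buffer.
    """
    if len(payload) < CDP_HEADER_LEN:
        raise MalformedCDP("frame shorter than the CDP header")
    version, ttl, _checksum = struct.unpack("!BBH", payload[:CDP_HEADER_LEN])
    if version not in (1, 2):
        raise MalformedCDP(f"unsupported CDP version {version}")

    tlvs = {}
    offset = CDP_HEADER_LEN
    while offset < len(payload):
        if len(payload) - offset < TLV_HEADER_LEN:
            raise MalformedCDP(f"truncated TLV header at offset {offset}")
        tlv_type, tlv_len = struct.unpack_from("!HH", payload, offset)
        if tlv_len < TLV_HEADER_LEN:
            raise MalformedCDP(f"TLV 0x{tlv_type:04x} length {tlv_len} below header size")
        end = offset + tlv_len
        if end > len(payload):
            raise MalformedCDP(
                f"TLV 0x{tlv_type:04x} claims {tlv_len} bytes, only {len(payload) - offset} remain")
        value = payload[offset + TLV_HEADER_LEN:end]
        if tlv_type in TEXT_TLVS:
            try:
                value = value.decode("ascii")
            except UnicodeDecodeError as exc:
                raise MalformedCDP(f"TLV 0x{tlv_type:04x} is not ASCII text") from exc
        tlvs[TLV_NAMES.get(tlv_type, f"type_0x{tlv_type:04x}")] = value
        offset = end
    return {"version": version, "ttl": ttl, "tlvs": tlvs}


def classify(payload: bytes) -> str:
    """Return 'ok' for a well-formed frame, otherwise 'malformed: <reason>'."""
    try:
        parse_cdp(payload)
        return "ok"
    except MalformedCDP as exc:
        return f"malformed: {exc}"


# --- Constructed sample frames (not captured traffic) --------------------------
def build_tlv(tlv_type: int, value: bytes) -> bytes:
    return struct.pack("!HH", tlv_type, TLV_HEADER_LEN + len(value)) + value


def build_frame(tlvs) -> bytes:
    # Version 2, TTL 180 seconds, checksum left at zero for the example.
    return struct.pack("!BBH", 2, 180, 0) + b"".join(build_tlv(t, v) for t, v in tlvs)


GOOD_FRAME = build_frame([(0x0001, b"switch01"), (0x0003, b"GigabitEthernet0/1"), (0x0006, b"cisco WS-C2960")])
# Port ID TLV advertising 512 bytes of value when only 5 follow.
BAD_FRAME = build_frame([(0x0001, b"switch01")]) + struct.pack("!HH", 0x0003, 0x0200) + b"Gi0/1"
# Capabilities TLV whose declared length is smaller than the TLV header itself.
SHORT_TLV_FRAME = build_frame([(0x0001, b"switch01")]) + struct.pack("!HH", 0x0004, 2)

if __name__ == "__main__":
    for name, frame in (("good", GOOD_FRAME), ("overrun", BAD_FRAME), ("short", SHORT_TLV_FRAME)):
        print(f"{name:8s} {classify(frame)}")
```

The same discipline applies to any TLV-style protocol a device parses off the wire: check the declared length against what is actually present before copying, and treat a violation as a security event worth logging, since a benign neighbor never emits one.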
In recent months, several other IoT and OT devices have been found vulnerable in ways that would let a threat actor exploit them.
Recently, researchers disclosed 33 vulnerabilities, dubbed Amnesia:33, in several open-source TCP/IP stacks, affecting millions of OT, IoT, and IT devices.
Last month, CERT-In issued an advisory on the Mozi botnet, which was infecting IoT devices globally, including routers from Netgear, Huawei, D-Link, and others.
Many IoT and OT devices have no dedicated mechanism for managing vulnerabilities, and patching often waits on a vendor firmware release and a maintenance window. Organizations should therefore take extra precautions with such systems: build an accurate inventory of what is on the network (visibility), baseline how each device normally communicates and alert on deviations (behavioral analysis), and be able to isolate a compromised device quickly, for example with access controls between the OT segment and the rest of the network.
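OT devices are a good fit for behavioral baselining because a PLC talks to a small, stable set of peers and ports. The script below is an added example, not code from the original article or from any vendor: it builds a per-device baseline from a week of flow records, flags live flows that fall outside it, and emits isolation rules. The flow-log layout, the PLC addresses, the traffic itself and the assumption that a Linux gateway running iptables sits between the OT segment and the rest of the network are all constructed for the example; adapt the parser and the rule generator to your own flow collector and enforcement point.

```python
from collections import defaultdict

# Constructed "known good" flows from a learning period. One flow per line:
# timestamp src dst dport proto (this layout is an assumption for the example).
BASELINE_LOG = """\
2020-12-01T08:00:01Z 10.0.10.20 10.0.10.5 502 tcp
2020-12-01T08:00:02Z 10.0.10.20 10.0.10.6 502 tcp
2020-12-01T08:00:10Z 10.0.10.5 10.0.10.1 123 udp
2020-12-01T08:00:10Z 10.0.10.6 10.0.10.1 123 udp
2020-12-01T09:30:00Z 10.0.10.30 10.0.10.5 44818 tcp
"""

# Constructed live traffic: the normal patterns plus two deviations, a PLC
# reaching out to an SMB port on another segment and an unknown host polling a PLC.
LIVE_LOG = """\
2020-12-08T08:00:01Z 10.0.10.20 10.0.10.5 502 tcp
2020-12-08T08:00:10Z 10.0.10.5 10.0.10.1 123 udp
2020-12-08T08:02:13Z 10.0.10.5 10.0.20.7 445 tcp
2020-12-08T08:02:40Z 10.0.10.99 10.0.10.6 502 tcp
2020-12-08T08:03:00Z 10.0.10.6 10.0.10.1 123 udp
"""

# The devices we care about (constructed PLC addresses from the inventory step).
OT_DEVICES = {"10.0.10.5", "10.0.10.6"}


def parse_flows(text: str) -> list:
    """Turn flow-log lines into (ts, src, dst, dport, proto) tuples."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, proto = line.split()
        flows.append((ts, src, dst, int(dport), proto))
    return flows


def build_baseline(flows) -> dict:
    """Per OT device, the set of (direction, peer, dport, proto) seen during learning."""
    baseline = defaultdict(set)
    for _ts, src, dst, dport, proto in flows:
        if src in OT_DEVICES:
            baseline[src].add(("out", dst, dport, proto))
        if dst in OT_DEVICES:
            baseline[dst].add(("in", src, dport, proto))
    return dict(baseline)


def detect_deviations(baseline: dict, flows) -> list:
    """Return every live flow involving an OT device that the baseline never saw."""
    alerts = []
    for ts, src, dst, dport, proto in flows:
        for device, direction, peer in ((src, "out", dst), (dst, "in", src)):
            if device in OT_DEVICES and (direction, peer, dport, proto) not in baseline.get(device, set()):
                alerts.append({"ts": ts, "device": device, "direction": direction,
                               "peer": peer, "dport": dport, "proto": proto})
    return alerts


def isolation_rules(alerts) -> list:
    """Rules for the assumed iptables gateway between the OT segment and the rest
    of the network. A PLC initiating unexpected outbound traffic is treated as
    possibly compromised and cut off entirely; an unexpected inbound source is
    blocked only towards the device it touched, so legitimate HMI traffic keeps flowing."""
    rules = set()
    for a in alerts:
        if a["direction"] == "out":
            rules.add(f"iptables -I FORWARD -s {a['device']} -j DROP")
        else:
            rules.add(f"iptables -I FORWARD -s {a['peer']} -d {a['device']} -j DROP")
    return sorted(rules)


if __name__ == "__main__":
    base = build_baseline(parse_flows(BASELINE_LOG))
    found = detect_deviations(base, parse_flows(LIVE_LOG))
    for a in found:
        print(f"{a['ts']} {a['device']} {a['direction']} {a['peer']}:{a['dport']}/{a['proto']} not in baseline")
    for rule in isolation_rules(found):
        print(rule)
```

The learning period must itself be clean, and a baseline keyed only on peer and port will not catch an attacker who reuses an existing channel (for example, malicious writes over the same Modbus session the HMI uses); protocol-aware inspection is the next layer on top of this.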