
The increase in vulnerabilities is the reason why device vulnerability management is important

  • The Project Memoria vulnerabilities affect a wide range of systems, including building automation controllers and medical equipment
  • Forescout finds a nearly 50% increase in exposed industrial devices running a vulnerable TCP/IP stack

Most organizations aren’t aware of a device vulnerability until it is exploited; at that point they can only intervene to contain the spread and limit the harm. Even when they aren’t actively targeted, vulnerable devices often lead to accidental data exposure and leaks. That’s why device vulnerability management is essential: it offers a way to find and close security gaps before they’re exploited.

Threat actors can use device vulnerabilities to gain escalated privileges, launch DoS or ransomware attacks, and carry out other damaging actions. In the last five years, 83% of APAC firms have experienced a ransomware attack.

As the number of connected devices grows, the Asia Pacific region’s spending on IoT is expected to reach US$437 billion by 2025. Every additional device widens the attack surface, so firms face greater risk than ever before.

Project Memoria, introduced by Forescout in 2020, is the largest study to date of the security posture of TCP/IP stacks. It began as a partnership with JSOF Research to understand the effects of Ripple20, and it went on to identify 97 vulnerabilities across 14 TCP/IP stacks, published in five phases: AMNESIA:33, NUMBER:JACK, NAME:WRECK, INFRA:HALT, and NUCLEUS:13.

What kind of damage did device vulnerabilities cause?

Vedere Labs, Forescout’s research group, has found that in the two years since Project Memoria was announced, the number of exposed devices running the vulnerable services has dropped in some cases and increased in others.

Over the same two-year window used to track NUCLEUS:13 exposure, the number of exposed devices running NicheStack has increased by nearly 50%. NicheStack is the stack found vulnerable in INFRA:HALT; those flaws allow denial of service or remote code execution and primarily affect operational technology (OT) and industrial control system (ICS) devices.

Six months after the release of NAME:WRECK, the number of internet-exposed machines running the Nucleus RTOS and its FTP server had fallen by 13% and 25%, respectively.

One year after that decline was noted, in August 2022, the identical Shodan queries showed a dramatic decrease in exposed devices running the Nucleus FTP server, while exposed Nucleus RTOS machines numbered 1,100–1,200, still fewer than when Forescout began the research.

Project Memoria is even more timely now than it was two years ago. It highlighted the industry’s ongoing struggle with supply chain vulnerabilities and the importance of applying the mitigation measures recommended with each disclosure.

Since TCP/IP stacks are crucial supply chain components used by numerous software and device makers, it’s not surprising that the vulnerabilities found during Project Memoria affected hundreds of products, including network switches, VoIP phones, patient monitors, and gas turbines.


The research sheds light on the impact from three angles:

  • The good: Project Memoria has produced a body of work that offers guidance on avoiding the same mistakes and on fixing specific problems, and that body of work continues to shape future research.
  • The bad: Threat actors have exploited some of these vulnerabilities, and vendor responses are frequently delayed and ambiguous.
  • The ugly: The number of exposed devices running the vulnerable services that Project Memoria revealed has fluctuated, decreasing in some cases while remaining stable or even increasing in others, which shows the need for greater focus on network segmentation.

The importance of device vulnerability management

A vulnerability management program aims to protect a network against known exploits and to keep it compliant with all legal and regulatory standards. It does this by scanning the network for misconfigurations, missed updates, and known software vulnerabilities, then prioritizing the findings for remediation according to risk.
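As an added illustration (not Forescout’s or this article’s code), the following Python script performs the discover-and-prioritize pass described above over a constructed device inventory. The advisory names and stacks are the Project Memoria disclosures named in this article; the fixed-in versions, the inventory, the impact labels, and the scoring weights are assumptions made for the example.

```python
"""Added example (not Forescout's or the article's code): a minimal
device vulnerability management pass. It matches a constructed device
inventory against a small advisory table and ranks the findings so that
remediation goes to the riskiest devices first."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Device:
    name: str
    stack: str              # embedded TCP/IP stack the firmware uses
    version: str            # stack version reported by the device
    internet_exposed: bool  # reachable from the internet (Shodan-style exposure)
    segmented: bool         # isolated in its own OT/IoT network segment
    device_class: str       # "ot", "medical" or "it"


@dataclass(frozen=True)
class Advisory:
    name: str       # disclosure name (Project Memoria phase)
    stack: str      # affected TCP/IP stack
    fixed_in: str   # ASSUMED first fixed version, for illustration only
    impact: str     # worst-case impact: "rce" or "dos"


# The advisory names and stacks are the Project Memoria disclosures named on
# this page; the fixed_in versions and impact labels are assumptions.
ADVISORIES = [
    Advisory("INFRA:HALT", "NicheStack", "4.3", "rce"),
    Advisory("NUCLEUS:13", "Nucleus NET", "5.2", "rce"),
    Advisory("NAME:WRECK", "Nucleus NET", "5.1", "dos"),
]

# Constructed inventory: two devices are behind on updates, two are patched.
INVENTORY = [
    Device("plc-line3", "NicheStack", "4.1", True, False, "ot"),
    Device("infusion-pump-12", "Nucleus NET", "5.0", False, True, "medical"),
    Device("voip-phone-201", "Nucleus NET", "5.2", False, False, "it"),
    Device("bms-controller", "NicheStack", "4.3", True, False, "ot"),
]

IMPACT_WEIGHT = {"rce": 10, "dos": 6}
CLASS_WEIGHT = {"ot": 3, "medical": 3, "it": 1}


def parse_version(version: str) -> tuple:
    """'4.1.2' -> (4, 1, 2); tuples compare component-wise."""
    return tuple(int(part) for part in version.split("."))


def is_vulnerable(device: Device, advisory: Advisory) -> bool:
    """True when the device runs the affected stack below the fixed version."""
    return (device.stack == advisory.stack
            and parse_version(device.version) < parse_version(advisory.fixed_in))


def risk_score(device: Device, advisory: Advisory) -> int:
    """Impact x device criticality, doubled for internet exposure,
    plus a penalty when the device is not network-segmented."""
    score = IMPACT_WEIGHT[advisory.impact] * CLASS_WEIGHT[device.device_class]
    if device.internet_exposed:
        score *= 2
    if not device.segmented:
        score += 5
    return score


def assess(inventory=INVENTORY, advisories=ADVISORIES):
    """Return (score, device name, advisory name) findings, highest risk first."""
    findings = [
        (risk_score(dev, adv), dev.name, adv.name)
        for dev in inventory
        for adv in advisories
        if is_vulnerable(dev, adv)
    ]
    findings.sort(key=lambda f: (-f[0], f[1], f[2]))
    return findings


if __name__ == "__main__":
    for score, device, advisory in assess():
        print(f"{score:3d}  {device:18s} {advisory}")
```

In a real program the inventory comes from network discovery and the advisory table from vendor or CERT feeds; the point of the example is that the internet-exposed, unsegmented OT controller lands at the top of the list, while patched devices produce no findings at all.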

A vulnerability management program protects against breaches that exploit well-known vulnerabilities, making a firm far harder to target. It can also spare a company the financial and reputational costs of regulatory noncompliance penalties.

Device vulnerability management goes beyond reconfiguring settings and patching. It is a proactive organizational mindset that accepts that new vulnerabilities are identified daily, so discovery and remediation must be continuous.