간편하게 보는 뉴스는 유니콘뉴스
Critical Infrastructure Still at High Risk: Forescout Research Spotlights 21 New Vulnerabilities

· 등록일 Dec. 07, 2023 10:55

· 업데이트일 2023-12-07 11:13:30

SAN JOSE, CALIF.--(Business Wire / Korea Newswire)--Forescout, a global cybersecurity leader, today released “SIERRA:21 - Living on the Edge,” an analysis of 21 newly discovered vulnerabilities within OT/IoT routers and open-source software components. The report — produced by Forescout Research - Vedere Labs, a leading global team dedicated to uncovering vulnerabilities in critical infrastructure — emphasizes the continued risk to critical infrastructure and sheds light on possible mitigations.

Sierra:21 Video (Source: Forescout) Sierra:21 Infographic (Source: Forescout) “SIERRA:21 - Living on the Edge” features research into Sierra Wireless AirLink cellular routers and some of its open-source components, such as TinyXML and OpenNDS. Sierra Wireless routers are popular — an open database of Wi-Fi networks shows 245,000 networks worldwide running Sierra Wireless for a variety of applications. For example, Sierra Wireless routers are used for police vehicles connecting to a central network management system or to stream surveillance video, in manufacturing plants for industrial asset monitoring, in healthcare facilities providing temporary connectivity and to manage electric vehicle charging stations. The 21 new vulnerabilities have the potential to stop vital communications that could impact everyday life.

Read the blog: Forescout Vedere Labs discloses 21 new vulnerabilities affecting OT/IoT routers

Forescout Research further finds:

·The attack surface is expansive with 86,000 vulnerable routers still exposed online. Less than 10% of these routers are confirmed to be patched against known previous vulnerabilities found since 2019.
·Regions with the highest number of exposed devices includes:
- 68,605 devices in The United States
- 5,580 devices in Canada
- 3,853 devices in Australia
- 2,329 devices in France
- 1,001 devices in Thailand
·Among the 21 vulnerabilities, one has critical severity (CVSS score 9.6), nine have high severity and 11 have medium severity. These vulnerabilities allow attackers to steal credentials, take control of a router by injecting malicious code, persist on the device and use it as an initial access point into critical networks.
·Patching can’t fix everything. 90 percent of devices exposing a specific management interface have reached end of life, meaning they cannot be further patched.
·It’s an uphill battle to secure supply chain components. Open-source software elements continue to go unchecked and increase the attack surface of critical devices, leading to vulnerabilities that may be hard for organizations to track and mitigate.

“We are raising the alarm today because there remain thousands of OT/IoT devices representing an increased attack surface that requires attention,” advises Elisa Constante, VP of Research, Forescout Research - Vedere Labs. “Vulnerabilities impacting critical infrastructure are like an open window for bad actors in every community. State-sponsored actors are developing custom malware to use routers for persistence and espionage. Cybercriminals are also leveraging routers and related infrastructure for residential proxies and to recruit into botnets. Our discoveries reaffirm the need for heightened awareness of the OT/IoT edge devices that are so often neglected.”

Sierra Wireless and OpenDNS have issued patches for the identified vulnerabilities. TinyXML is an abandoned open source project, so the upstream vulnerabilities will not be fixed and must be addressed downstream.

For more information, download the full report, “SIERRA:21 - Living on the Edge,” now at https://www.forescout.com/resources/sierra21-vulnerabilities.

Additional Resources:

·View the on-demand webinar: https://www.brighttalk.com/central/account/616385/channel/13809/video/602171
·Read more insight from Forescout Research: Hacktivists attack U.S. water treatment plant - analysis and implications

About Forescout

Forescout Technologies, Inc., a global cybersecurity leader, continuously identifies, protects and helps ensure the compliance of all managed and unmanaged connected cyber assets - IT, IoT, IoMT and OT. For more than 20 years, Fortune 100 organizations and government agencies have trusted Forescout to provide vendor-agnostic, automated cybersecurity at scale. The Forescout® Platform delivers comprehensive capabilities for network security, risk and exposure management, and extended detection and response. With seamless context sharing and workflow orchestration via ecosystem partners, it enables customers to more effectively manage cyber risk and mitigate threats.

View source version on businesswire.com: https://www.businesswire.com/news/home/20231205915662/en/

Website: http://www.forescout.com View Korean version of this release Contact W2 Communications for Forescout
Steve Bosk
[email protected]

Carmen Harris
[email protected]
This news is a press release from the provider.
Korea Newswire is committed to verifying the transparency of providers and eliminating content errors.
You can receive press releases from this company or in industries of interest via email and RSS for free. Subscribe> News provided byForescout Technologies, Inc. Distribution Channel Technology Software Information security Survey/Polls Overseas
인기 기사02.28 13시 기준
서울--(뉴스와이어)--삼성스토어는 98형(247cm) 초대형 TV 연간 누적 판매량이 전년 대비 약 3.2배 늘었다고 밝혔다. 98형(247cm) Neo QLED를 포함해 초대형 TV 라인업의 판매량은 매년 꾸준히 증가하고 있다. ...
서울--(뉴스와이어)--미디어커머스 기업 브랜드엑스코퍼레이션(각자대표 이수연, 강민준)이 전개하는 액티브웨어 젝시믹스는 세계 최대 아웃도어·스포츠 박람회인 ‘ISPO 뮌헨 2023’에 참가했다고 30일 밝혔다. 브랜드엑스코퍼레이션 젝시믹스, 세계 최대 무역박람회 ‘ISPO 뮌헨 2023’ 참가… 글로벌 광폭 행보 ‘ISPO 뮌헨’은 스포츠 및 아웃도어...
서울--(뉴스와이어)--바른북스 출판사는 역사문화도서 ‘그래도 여자보다는 삼국지에 대해 잘 알아야 하지 않겠어요?’가 출간된 지 2주도 되지 않아 2쇄에 돌입했다고 밝혔다. 이 책은 출간 5일 만인 지난 4월 24일 교보문고 동양사 부문에서 베스트셀러 1위에 올랐으며, YES...
서울--(뉴스와이어)--정신건강 분야는 복잡하고 주관적인 요소가 많아 지금까지 발전이 느렸지만 최근 인공지능(AI)과 디지털 기술의 발전으로 급성장하고 있는 영역이다. 상담사마다의 상담 및 치료 방법이 기록되지 못해 분석이 불가능했던 과거와 달리 음성인식과 자동 전사, 자연어 처리, 감성...
플로리다--(뉴스와이어)--Music Licensing, Inc. (OTC: SONG)이 Listerine Antiseptic (리스테린 소독제) 브랜드 관련 지적재산권을 성공적으로 인수함에 따라 전략적 성장 이니셔티브를 추진 중인 회사가 중요한 진전을 이루게 됐다고 발표했다. ...
서울--(뉴스와이어)--스패로우(대표 장일수)가 ‘2024년 중소기업 클라우드서비스 보급·확산 사업’의 공급기업으로 5년 연속 선정됐다. 스패로우는 해당 사업을 통해 SaaS형 애플리케이션 보안 취약점 분석 솔루션 ‘스패로우 클라우드(Sparrow Cloud)’를 제공하며, 수요기업으로 선정된 중소기업은 최대 80%까지 이용료를 지원받을 수 있다....
API
fg
유니콘뉴스는 보도자료 배포 서비스입니다.
여기에 뉴스를 등록하면 언론이 보도하고 널리 배포됩니다.