New Research from Forescout and Finite State Examines the State of the Software Supply Chain in OT/IoT Routers
SAN JOSE, Calif.: #BlackHat2024--Forescout Technologies, Inc., a global cybersecurity leader, and Finite State, an industry leader in software supply chain security, announced today the release of a new report, “Rough Around the Edges,” that analyzes the state of the software supply chain in OT/IoT routers, which are essential for connecting critical devices across various environments to the internet. The research revealed that OT and IoT cellular routers, and others used in small offices and homes, have outdated software components that are linked to existing (“n-day”) vulnerabilities. “Rough Around the Edges” found that popular OT/IoT router firmware images had an average of 20 exploitable n-day vulnerabilities affecting the kernel, with widening security gaps.
“With the convergence of IoT and OT, threats targeting connected devices are increasing exponentially due to cybercriminal botnets, nation-state APTs and hacktivists,” said Daniel dos Santos, Head of Research at Forescout Research – Vedere Labs. “Our recent Sierra:21 research found tens of thousands of devices with outdated firmware are exposed online, easily accessible to hackers. Following the publication of Sierra:21, we wanted to understand the state of software components in OT/IoT network devices from other vendors, and what threat actors might uncover if they looked more closely at this software supply chain. Instead of finding new vulnerabilities, our goal was to look at what is already known (“n-day”), but still present in the latest firmware releases of routers.”
Read the blog: Firmware Vulnerabilities Run Rampant in Cellular Routers
Forescout Research and Finite State analyzed five firmware images from popular OT/IoT router vendors: Acksys, Digi, MDEX, Teltonika, and Unitronics. The “Rough Around the Edges” report includes the following key findings from this analysis:
“The ‘Rough Around the Edges’ report reveals a troubling trend of outdated software components in OT/IoT routers, with many devices running modified versions of OpenWrt that include known vulnerabilities,” said Larry Pesce, Director of Product Research and Development at Finite State. “These findings highlight the critical importance of addressing software supply chain risks, as our analysis identified an average of 161 known vulnerabilities per firmware image, including 24 with critical scores. By leveraging our platform’s capabilities, organizations can gain deep insights into their software’s vulnerabilities and outdated components, allowing them to proactively address risks and protect their products and customers from evolving cyber threats.”
The research found positive correlations between the age of components, the number of known vulnerabilities, and binary hardening practices among vendors. As expected, firmware with newer components tends to have fewer vulnerabilities and better binary protections.
“As we observe an unprecedented increase in both managed and unmanaged devices connecting to the Internet—extending into critical infrastructure sectors and beyond—the need for robust cybersecurity measures has never been more urgent,” said Forescout CEO, Barry Mainz. “To effectively mitigate risks in an environment increasingly dominated by Operational Technology (OT) and Internet of Things (IoT), we need a comprehensive asset inventory that identifies crucial details through both passive and active methods. Integrating this data with Software Bills of Materials (SBOMs) helps us deliver targeted risk information and enforce security measures essential for protecting our digital infrastructure.”
Join the lead researchers from Forescout and Finite State to delve into the risks associated with OT/IoT routers and discover effective strategies for mitigation.
About Forescout
The Forescout cybersecurity platform provides complete asset intelligence and control across IT, OT, and IoT environments. For more than 20 years, Fortune 100 organizations, government agencies, and large enterprises have trusted Forescout as their foundation to manage cyber risk, ensure compliance, and mitigate threats. With seamless context sharing and workflow orchestration across more than 100 full-featured security and IT product integrations, Forescout makes every cybersecurity investment more effective.
Forescout Research – Vedere Labs is the industry leader in device intelligence, curating unique and proprietary threat intelligence that powers Forescout’s platform.
About Finite State
Finite State is the leading provider of software risk management solutions for connected devices and software supply chains. The Finite State platform is a central hub for device security, delivering continuous visibility into potential software risks. Armed with access to over two billion data points, customers receive actionable insights, encompassing SBOMs, vulnerability data, and remediation guidance. This proactive strategy streamlines the mitigation of application security (AppSec) and product risks, ensuring the safeguarding of critical sectors like consumer IoT, healthcare, automotive, manufacturing, and energy against cyber threats. For more information, please visit https://finitestate.io/
Source: Business Wire