Monday, December 5, 2022

RECENT VULNERABILITIES AFFECTING OT DEVICES


Attackers can remotely write code to OT devices, change their logic, and cause a variety of other impacts.

Cyber-attacks can cause widespread damage to computer programs that are used in various sectors of the economy, such as oil and gas, chemical manufacturing, electricity generation and distribution, mining, and construction.

Devices from 10 OT businesses have had close to 50 security flaws discovered in them. These flaws, according to security professionals, are a result of the vendors’ use of procedures that are insecure by design. Forescout found the vulnerabilities across many different devices and named the set OT:ICEFALL; it affects as many as 26 models.

A staggering 38 percent of the 56 vulnerabilities found allow attackers to obtain confidential data like logins and passwords, while another 21 percent allow for firmware manipulation, 14 percent allow for remote code execution, and 8 percent allow for tampering with configuration data.

An attacker can bypass the authentication on a device to access its features, cause the device to go offline, or replace it with malicious code. 22 of the 56 flaws were due to poor security implementations, meaning that developers had not put much thought into protection and security.

What happens if a vulnerability is found

There are different types of vulnerabilities that you can categorize by functionality.

It is easy for an attacker to remotely execute one-time codes on your device, but the access may be specific to a certain program or context. For example, remote code execution may only control a grading system.

Denial of Service (DoS) means an attacker may take a device offline or block some function. An attacker can also manipulate the file, firmware, or I.E. of the device. This is usually possible because critical functions lack authentication and authorization, or lack integrity checks.

It is possible for an attacker to compromise credentials and access functions of a device, usually because the system stores or transmits data insecurely.

By bypassing existing security measures, an attacker can access the desired device functions.

Apache Log4j

Apache Log4j is a logging library that is used to save and record information in Java-based applications, including web apps. The Apache Log4j vulnerability has become one of the most severe risks to data security, and the library is used globally across online services and software applications.

Whenever there is a gain, there is also a loss. The cyber-world cannot be safe from any of these changes. More and more malware is being seen in cyberspace, with the most recent example being Log4Shell, which affects millions of computer devices.

A Vulnerability Exploit Affecting Log4j

A critical vulnerability has been found that ranked high on the CVSS scale of severity. The rating is indicative of the high severity of the problem, and that vulnerable systems have a chance to be compromised remotely.

The exploit for the Log4j security vulnerability, which is CVE-2021-44228, was published on December 9th of 2021, making it a ‘zero-day’ exploit.

To exploit this vulnerability, an attacker simply gets a special character or string saved in the application log to get access to restricted information. The responsibility of logging things is mostly up to the user, so they should be careful when accessing information from a security standpoint.

As the Log4Shell vulnerability can be triggered in many ways, and it is so pervasive, this has become a serious vulnerability. It needs a quick fix.

Why have recent vulnerabilities been affecting OT devices?

The exploit can take over a network quickly, as it requires no authentication. A malicious attacker who can add new log messages or change log message parameters can execute code. This is possible when message lookup substitution is enabled in Log4j, which lets the attacker have code loaded from LDAP servers.

Log4j is the framework that handles log messages. If a cyber criminal sends a specially crafted message to your system, they could both remotely execute code and have an active vulnerability. It is possible to exploit the vulnerability due to user acceptance of certain requests. Hackers use this method to easily inject malware into different applications, making the process easy and efficient.

What can happen if your OT device is vulnerable

Apart from Java-based applications, several components and frameworks that rely on Log4j are at risk from this exploit, including Apache Druid, Apache Kafka, Apache Solr, and Apache Flink, as well as others.

The Log4j-core factor accounts for 4% of the ecosystem and 8% of the Maven Central repository. Log4j vulnerabilities have been seen in Minecraft servers. Recently, a popular example of this vulnerability was seen where an attack happened in the game’s chat and compromised player computers until a ransom was paid.

Are you ready to defend your business’s digital footprint?

While the Log4Shell vulnerability left IT experts and businesses in shock, there are a few tips to consider. For example, it is highly recommended to get the software systems, applications, and products updated with the latest iteration of Log4j. This vulnerability, which is likely to be exploited due to the user accepting to log in to a malicious sandbox, has been at a high probability of exploitation. Users should be cautious when receiving messages with unusual activity or content and should not execute any requests that are deemed suspicious.

Be aware of any potential security threats to your devices. Run a robust antivirus system, use long, complex passwords, and be careful about what you reveal through your devices. You can protect yourself and your business from the dangers posed by the internet. Businesses are often attacked with new intrusion techniques, as hackers find new ways to exploit them.
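Updating Log4j presupposes knowing where it is deployed, and the library is often bundled inside other applications' archives. The following added example (not from the original article) recursively searches archives for the `JndiLookup` class that ships in log4j-core; the sample archive names and contents are constructed, and a hit is an inventory lead whose version still has to be checked against the vendor's advisory.

```python
import io
import zipfile

# Real class path inside log4j-core that implements JNDI lookups.
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVE_EXT = (".jar", ".war", ".ear", ".zip")
MAX_DEPTH = 5  # bound recursion into nested archives


def scan_archive(data, label, depth=0):
    """Return archive paths (outer!inner!...) that contain JndiLookup.class."""
    hits = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return hits  # not a readable archive; skip it
    with zf:
        for name in zf.namelist():
            if name == JNDI_CLASS:
                hits.append(label)
            elif name.lower().endswith(ARCHIVE_EXT) and depth < MAX_DEPTH:
                hits += scan_archive(zf.read(name), f"{label}!{name}", depth + 1)
    return hits


def make_zip(entries):
    """Build an in-memory archive from {name: bytes} (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


def demo():
    # Constructed samples: placeholder names and stub contents, not real releases.
    core = make_zip({JNDI_CLASS: b"stub"})
    stripped = make_zip({"org/apache/logging/log4j/core/Logger.class": b"stub"})
    fat_app = make_zip({"BOOT-INF/lib/log4j-core.jar": core,
                        "BOOT-INF/lib/other.jar": stripped})
    samples = [("app.war", fat_app), ("stripped.jar", stripped),
               ("notes.zip", b"not a zip")]
    return {label: scan_archive(data, label) for label, data in samples}


if __name__ == "__main__":
    for label, hits in demo().items():
        print(label, "->", hits or "no JndiLookup.class found")
```

To scan a real file, pass its bytes and path to `scan_archive`, for example `scan_archive(open(path, "rb").read(), path)`.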
