Serviceteam IT Security News

A cluster of vulnerabilities known as Ripple20 poses a major threat to IT environments, according to new research by a Seattle enterprise cyber-analytics company.

The Ripple20 threat is a series of 19 vulnerabilities found in the Treck networking stack, a low-level TCP/IP software library developed by Treck Inc. The library is used by device manufacturers across a host of different industries, including utilities, academia, government, and healthcare.

The vulnerability series (CVE-2020-11901) was first discovered by the JSOF threat research organization in June of this year. 

Yesterday, a threat research team at ExtraHop issued a warning over the potential impact of Ripple20 after finding out that 35% of IT environments are vulnerable to the threat. 

“The ExtraHop threat research team studied customer data and discovered vulnerable software in one out of every three IT environments,” wrote researchers. 

“With industry average dwell times hovering around 56 days, these devices are a ticking time bomb if left alone.”

The researchers predicted that this exploit will be widely used by attackers as an easy backdoor into networks the world over.

“The devices that utilize the Treck stack are far-reaching with the potential for vast exploitation,” said Jeff Costlow, CISO at ExtraHop. 

“A threat actor could conceivably use this vulnerability to hide malicious code in the embedded devices for an extended period of time, and traditional endpoint or perimeter security solutions like EDR or NGFW will not have visibility into this set of exploits.”

Researchers recommended that device manufacturers and security vendors take immediate action and deploy mitigation tactics against the threat.

Specific actions advised include monitoring for scanning activity, isolating vulnerable devices, patching, and removing devices from services if a patch is unavailable.

“Vendors utilizing the Treck Software were given early access to the threat details so they could start producing patches immediately,” wrote researchers. 

“Unfortunately, a large number of devices have discontinued support, which has made it difficult to account for all vulnerable device makes and models.”

Concerned organizations should stay vigilant for unusual activity such as lateral movement and privilege escalation that can indicate a Ripple20 exploit is occurring. 

Source: Infosecurity Magazine
