Ripple20 a Major Threat

silversurfer

A cluster of vulnerabilities known as Ripple20 pose a major threat to IT environments, according to new research by a Seattle enterprise cyber-analytics company.

The Ripple20 threat is a series of 19 vulnerabilities found in a low-level TCP/IP software library developed by Treck Inc. called the Treck networking stack. The library is used by device manufacturers across a host of different industries, including utilities, academia, government, and healthcare.

The vulnerability series (CVE-2020-11901) was first discovered by the JSOF threat research organization in June of this year.

Yesterday, a threat research team at ExtraHop issued a warning over the potential impact of Ripple20 after finding out that 35% of IT environments are vulnerable to the threat.

"The ExtraHop threat research team studied customer data and discovered vulnerable software in one out of every three IT environments," wrote researchers. "With industry average dwell times hovering around 56 days, these devices are a ticking time bomb if left alone."

The researchers predicted that this exploit will be widely used by attackers as an easy backdoor into networks the world over.
 

Andy Ful

From the white paper:

"About the Treck Networking Stack

The Treck network stack has been in use in embedded devices for more than twenty years. Hundreds of millions of devices in the industrial controls, networking, transportation, retail, oil and gas, medical, and other fields that use the Treck software are now known to be vulnerable to exploits. Those exploits can enable attackers to steal data or even execute code.

Identifying vulnerable devices in your environment can be difficult due to the widespread use of the Treck network stack in the firmware of devices such as printers, backup batteries, industrial controllers, and more. While patches have been issued by Treck for all 19 vulnerabilities, due to the age and nature of these devices, patching may prove difficult or impossible.

The difficulties managing these devices combined with the ease with which these devices can be exploited has led our Threat Research team to predict long dwell times if a device is compromised. Some common devices using the Treck networking stack include:
• HP printers
• Ricoh printers
• Schneider/APC UPS devices
• Digi network tools"

 
