ExtraHop Threat Research Team Finds One in Three IT Environments Vulnerable to Ripple20 Threat
ExtraHop (News - Alert), the leader in cloud-native network detection and response, today issued a report warning of the potential impact of the Ripple20 vulnerabilities if affected software goes undetected and unpatched. Analyzing data across its customer base, ExtraHop threat researchers found that 35% of IT environments are vulnerable to Ripple20. The Ripple20 threat is a series of 19 vulnerabilities found in the Treck networking stack, a low-level TCP/IP software library developed by Treck Inc. that is commonly used by device manufacturers across many industries, including utilities, healthcare, government, and academia. The impact of this threat "ripples" through complex software supply chains, making it a difficult vulnerability to mitigate.
The JSOF threat research organization found the Ripple20 vulnerability (CVE-2020-11901) in June 2020, and unveiled the details to impacted device manufacturers and security vendors to give them ample time to deploy patches and create detections before releasing their findings to the general public. The ExtraHop threat research team studied customer data and discovered vulnerable software in one out of every three IT environments. With industry average dwell times hovering around 56 days, these devices are a ticking time bomb if left alone. ExtraHop experts predict that this exploit will be widely used by attackers as an easy backdoor into networks across industries around the globe.
"The devices that utilize the Treck stack are far-reaching with the potential for vast exploitation," said Jeff Costlow, CISO, ExtraHop. "A threat actor could conceivably use this vulnerability to hide malicious code in the embedded devices for an extended period of time, and traditional endpoint or perimeter security solutions like EDR or NGFW will not have visibility into this set of exploits."<> Visibility and behavioral analysis of managed and unmanaged devices, including IoT, and visibility into unusual activity from potentially exploited devices within an organization's east-west traffic, are table stakes for a secure network. Organizations can take a number of steps to help mitigate the risk from Ripple20.
ExtraHop mitigation recommendations include:
Note on the research:
Data privacy is one of the fundamental questions of our age. ExtraHop passively monitors every interaction on the network then extracts de-identified metadata to be processed by cloud-based machine learning. So, while we can clearly see how prevalent Ripple20 is across the infrastructures we monitor, we do not link that data to any specific customer.
ExtraHop is on a mission to arm security teams to confront active threats and stop breaches. Our Reveal(x) 360 platform, powered by cloud-scale AI, covertly decrypts and analyzes all cloud and network traffic in real time to eliminate blind spots and detect threats that other tools miss. Sophisticated machine learning models are applied to petabytes of telemetry collected continuously, helping ExtraHop customers to identify suspicious behavior and secure over 15 million IT assets, 2 million POS systems, and 50 million patient records. ExtraHop is a market share leader in network detection and response with 30 recent industry awards including Forbes AI50, Cybercrime Ransomware 25, and SC Media Security Innovator.
Stop Breaches 84% Faster. Get Started at www.extrahop.com/freetrial
Protecting Critical Infrastructure with Epic Security
IoT Transportation Solutions for Government Agencies