Icefall Vulnerabilities, Insight Discussion.

By ISBuzz Team
Writer, Information Security Buzz | Jun 22, 2022 05:39 am PST

A security report produced by Forescout’s Vedere Labs has revealed a set of 56 vulnerabilities, collectively called Icefall, that affect operational technology equipment used in various critical infrastructure environments. What do you think? Please join the discussion with the experts.

James McQuiggan, Security Awareness Advocate
InfoSec Expert
June 22, 2022 1:47 pm

Regarding OT (operational technology) systems used in manufacturing, power generation, or industrial control systems (ICS), those systems must be protected behind firewalls, with strong access controls and, if possible, additional segmentation to reduce the risk of compromise and exploitation.

With the recent vulnerabilities released and the high impact of remote code execution, compromised credentials, and authentication bypass, a cybercriminal can quickly gain access to an ICS environment to do nefarious and dangerous actions. Conducting a Shodan search (the Google of internet-connected devices), it’s been discovered that almost 6000 vulnerable devices related to the Icefall report are exposed to the internet with little to no protection.

Organizations want to isolate devices they cannot patch or update and consider moving them behind additional firewalls. Consider using jump systems for remote access or having any machine data sent to somewhere else internally in their organization for data collection.

Last edited 1 year ago by James McQuiggan
Terry Olaes, Technical Director
InfoSec Expert
June 22, 2022 1:43 pm

This is yet another reminder that critical infrastructure remains a top target for cybercriminals. Skybox Research Lab found that new vulnerabilities in operational technology (OT) products have risen 88% year over year. Too often, our researchers see organizations that rely only on conventional approaches to vulnerability management move to patch the highest severity vulnerabilities first based on the Common Vulnerability Scoring System (CVSS). Cybercriminals know this is how many companies handle their cybersecurity, so they’ve learned to take advantage of vulnerabilities seen as less critical to carry out their attacks. Additionally, in the case of OT, the mechanisms used to exploit these devices are less sophisticated due to the design of these technologies to minimize friction and focus on HSE impact, above all. This enables bad actors to identify and weaponize new exploits more quickly, resulting in the drastic vulnerability count increase.

In the case of ICEFALL, threat actors could have access to over 50 vulnerabilities that are affecting operational technology devices of several critical infrastructure organizations. The Russian state-sponsored hacking group known as Sandworm is already known to have successfully leveraged these vulnerabilities against Ukraine in recent months, identifying users and infrastructure, including electrical systems, and disconnecting its electrical substations.

To stay ahead of cybercriminals, companies must address vulnerability exposure risks before hackers attack them. That means taking a more proactive approach to vulnerability management by learning to identify and prioritize exposed vulnerabilities across the entire threat landscape. Organizations should ensure they have solutions capable of quantifying the business impact of cyber risks into economic impact. This will help them identify and prioritize the most critical threats based on the size of the financial impact, among other risk analyses such as exposure-based risk scores. They must also enhance the maturity of their vulnerability management programs to ensure they can quickly discover whether or not a vulnerability impacts them and how urgent it is to remediate.

Last edited 1 year ago by Terry Olaes
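The comment above argues that ranking findings by CVSS alone misprioritizes OT risk, and that exposure and business impact should feed the ordering. The following Python is an added illustration of that idea, not code from Skybox, Forescout or the commenter: it holds a small constructed inventory (the asset names, the `CVE-EXAMPLE-*` identifiers and the weighting factors are all assumptions made up for this example) and compares the CVSS-only order with an exposure-weighted one.

```python
from dataclasses import dataclass
from typing import Callable, List


@dataclass
class Finding:
    """One vulnerability instance on one asset (fields are assumptions)."""
    asset: str
    cve: str                 # placeholder identifier, constructed for this example
    cvss: float              # base score as published
    internet_exposed: bool   # e.g. reachable from the internet per an external scan
    asset_criticality: int   # 1 (lab box) .. 5 (safety/production critical)
    exploit_known: bool      # public exploitation reported for this issue


# Constructed sample inventory; none of these values describe real devices.
INVENTORY: List[Finding] = [
    Finding("eng-workstation-01", "CVE-EXAMPLE-0001", 9.8, False, 2, False),
    Finding("plc-substation-07",  "CVE-EXAMPLE-0002", 6.5, True,  5, True),
    Finding("historian-02",       "CVE-EXAMPLE-0003", 8.1, True,  3, False),
    Finding("hmi-line-3",         "CVE-EXAMPLE-0004", 7.2, False, 4, True),
]


def cvss_only_score(f: Finding) -> float:
    """The conventional approach: severity is the published CVSS score."""
    return f.cvss


def exposure_risk_score(f: Finding) -> float:
    """Exposure-weighted score. The multipliers are illustrative assumptions:
    internet exposure and known exploitation each raise the score, and the
    asset's criticality scales it between 0.7x and 1.1x."""
    score = f.cvss
    if f.internet_exposed:
        score *= 1.5
    if f.exploit_known:
        score *= 1.3
    score *= 0.6 + 0.1 * f.asset_criticality
    return score


def prioritize(findings: List[Finding],
               scorer: Callable[[Finding], float]) -> List[Finding]:
    """Return findings ordered highest-risk first under the given scorer."""
    return sorted(findings, key=scorer, reverse=True)


def remediation_order(findings: List[Finding],
                      scorer: Callable[[Finding], float]) -> List[str]:
    """Asset names in the order a remediation team would work them."""
    return [f.asset for f in prioritize(findings, scorer)]


if __name__ == "__main__":
    print("CVSS only:        ", remediation_order(INVENTORY, cvss_only_score))
    print("Exposure-weighted:", remediation_order(INVENTORY, exposure_risk_score))
```

With this inventory the CVSS-only order puts the isolated engineering workstation first and the internet-exposed, actively exploited substation PLC last; the exposure-weighted order reverses that, which is the mismatch the comment describes. The weights here are deliberately simple; a real program would derive them from its own exposure data and impact analysis rather than from constants.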
