CISA Helps Critical Infrastructure Organizations Prevent Ransomware Attacks Through Pilot Program
HANNOVER, Germany — Internet exposure of Operational Technology (OT) and Industrial Control Systems (ICS) continues to be a critical infrastructure security issue despite decades of raising awareness, new regulations, and periodic government advisories.
Forescout, a global cybersecurity leader, unveiled Better Safe Than Sorry, a seven-year analysis of internet-exposed OT/ICS data. The study was conducted by Forescout Research – Vedere Labs, a leading global team dedicated to uncovering vulnerabilities in and threats to critical infrastructure.
In the Better Safe Than Sorry report, Forescout researchers examine the realistic opportunities for a mass-target attack on internet-exposed OT/ICS devices. These devices are fertile ground for abuse: attackers need look no further than basic rationale driven by current events, copycat behavior, or the opportunities afforded by new, off-the-shelf capabilities or readily available hacking guides to create chaos.
Forescout released Better Safe Than Sorry from HANNOVER MESSE, the world’s leading trade fair for industrial technology. Forescout researchers can discuss these findings in Hall 16, Booth A12, in the IT & OT Circus, April 22-26.
“If these warnings sound familiar, it’s because they are. The looming potential for a mass target scenario is high,” said Elisa Costante, VP of Research at Forescout Research – Vedere Labs. “Forescout calls on vendors, service providers, and regulatory agencies to work collectively to prevent attacks on critical infrastructure that will spare no one.”
Top research highlights in the Better Safe Than Sorry report include:
The company says that exploits of the vulnerability have been ‘limited’ so far.
Palo Alto Networks disclosed Friday that a “critical” zero-day vulnerability affecting several versions of its PAN-OS firewall software has seen exploitation in attacks.
In an advisory, the cybersecurity giant said it is “aware of a limited number of attacks that leverage the exploitation of this vulnerability.”
Exploits of the flaw “may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall,” Palo Alto Networks said in the advisory.
The vendor said the vulnerability (tracked as CVE-2024-3400) has been rated as a “critical” severity issue. Patches are not yet available but are expected to be released by this coming Sunday, April 14.
Palo Alto Networks provided several recommended workarounds and mitigations for the issue, including temporarily disabling firewall telemetry.
In a statement provided to CRN Friday, Palo Alto Networks said that “upon notification of the vulnerability, we immediately provided mitigations and will provide a permanent fix shortly.”
“We are actively notifying customers and strongly encourage them to implement the mitigations and hotfix as soon as possible,” the company said.
The vulnerability was found in the GlobalProtect feature in PAN-OS firewalls, the company said. The flaw affects the PAN-OS 10.2, PAN-OS 11.0 and PAN-OS 11.1 versions of the firewall software.
“Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability,” the company said. “All other versions of PAN-OS are also not impacted.”
Palo Alto Networks credited researchers at cybersecurity firm Volexity for discovering the vulnerability. In December, Volexity researchers discovered vulnerabilities affecting Ivanti Connect Secure VPN devices, which went on to see mass exploitation by threat actors.
“This issue is applicable only to PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 firewalls with the configurations for both GlobalProtect gateway and device telemetry enabled,” the company said in its advisory.
Customers can check if they have the GlobalProtect gateway configured under the Network > GlobalProtect > Gateways menu in the firewall’s web interface. The telemetry feature can be checked under Device > Setup > Telemetry.
The company plans to release software hotfixes for PAN-OS 10.2, PAN-OS 11.0 and PAN-OS 11.1 to address the flaw on April 14. These patches will be numbered 10.2.9-h1, 11.0.4-h1 and 11.1.2-h3. Older PAN-OS releases are not impacted, and neither are Cloud NGFW, Prisma Access, or Panorama appliances.
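The affected-configuration rule above (release train 10.2, 11.0 or 11.1, with both a GlobalProtect gateway and device telemetry enabled) and the hotfix build numbers combine into a simple inventory triage. The following is an added example, not Palo Alto Networks code or output from any of its tools. It assumes PAN-OS versions are written as `major.minor.patch` with an optional `-hN` hotfix suffix, and it treats any build at or above the listed hotfix for a train as patched; the inventory entries are constructed for the demonstration.

```python
"""Triage helper for the CVE-2024-3400 affected-configuration rule.

Added example, not vendor code. Assumptions (not from the article):
a version string looks like "11.1.2" or "11.1.2-h3", and any build at or
above the listed hotfix in the same release train counts as patched.
"""
import re
from dataclasses import dataclass

# Hotfix builds named in the article, keyed by release train (major, minor).
FIXED_BUILDS = {
    (10, 2): "10.2.9-h1",
    (11, 0): "11.0.4-h1",
    (11, 1): "11.1.2-h3",
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_version(text):
    """Turn '10.2.9-h1' into a comparable tuple (10, 2, 9, 1).

    A release without a hotfix suffix compares as hotfix 0, so that
    '10.2.9' sorts below '10.2.9-h1'.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {text!r}")
    major, minor, patch, hotfix = m.groups()
    return (int(major), int(minor), int(patch), int(hotfix or 0))


@dataclass
class Firewall:
    """One inventory record; the two flags mirror the advisory's conditions."""
    name: str
    version: str
    globalprotect_gateway: bool
    telemetry: bool


def assess(fw):
    """Classify one firewall against the article's affected-configuration rule.

    Returns one of: 'not-affected-version', 'not-affected-config',
    'patched', or 'vulnerable-apply-mitigation'.
    """
    v = parse_version(fw.version)
    train = (v[0], v[1])
    if train not in FIXED_BUILDS:
        # Older releases (and other trains) are stated as not impacted.
        return "not-affected-version"
    if not (fw.globalprotect_gateway and fw.telemetry):
        # The issue requires BOTH GlobalProtect gateway and telemetry enabled.
        return "not-affected-config"
    if v >= parse_version(FIXED_BUILDS[train]):
        return "patched"
    # In-scope train, in-scope config, pre-hotfix build: apply the
    # vendor mitigations (e.g. disabling telemetry) until the hotfix lands.
    return "vulnerable-apply-mitigation"


def triage(inventory):
    """Map each firewall name to its assessment."""
    return {fw.name: assess(fw) for fw in inventory}


# Constructed sample inventory for demonstration only.
SAMPLE = [
    Firewall("edge-fw-1", "11.1.2", True, True),
    Firewall("edge-fw-2", "11.1.2-h3", True, True),
    Firewall("dc-fw-1", "10.2.9", True, False),
    Firewall("lab-fw-1", "9.1.16", True, True),
]

if __name__ == "__main__":
    for name, verdict in triage(SAMPLE).items():
        print(f"{name}: {verdict}")
```

The "not-affected-config" verdict is the one to re-check after any change request: enabling telemetry on a firewall that already runs a GlobalProtect gateway moves it into scope until the hotfix is installed, so the two flags belong in the same inventory query as the version.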