Claroty: VPN Vulnerabilities Endanger OT Networks

By | Managed Services News

Jul 31

Numerous servers are still vulnerable to exploitation.

Claroty has discovered VPN vulnerabilities that could threaten industries like oil and gas, water and electric utilities.

The VPNs access operation technology (OT) networks that these industries use. And while updates have been issued to fix the VPN vulnerabilities, numerous servers are still vulnerable to exploitation.

The National Security Agency warns that VPN vulnerabilities could pose a threat if not properly secured. The agency’s warning came amid a surge in remote work as organizations adapted to COVID-19 related office closures and other constraints.

As remote work persists in industries that use OT networks, the VPN approach for remote security might not be as secure as previously believed. The findings from Claroty note that vulnerable remote access servers can be highly effective attack surfaces for threat actors targeting VPNs.

To find out more about these VPN vulnerabilities, we spoke with Nadav Erez, research team lead at Claroty.

Channel Futures: How did Claroty discover these VPN vulnerabilities?

Claroty's Nadav Erez

Claroty’s Nadav Erez

Nadav Erez: The Claroty research team constantly tracks global trends in security. We inspect possible attack surfaces in our customers’ networks. In the past few months, we have seen a great increase in the use of remote access solutions that lead directly into OT networks, and as the usage increases, so does the exposure to vulnerabilities in these types of platforms. Based on that, we chose to deeply investigate several products that are widely used in different OT domains. Once we identified these products as Moxa’s EDR-G902/3, Secomea’s GateManager, and HMS Networks’ eWon solution, we further investigated them to discover those reported vulnerabilities.

CF: Are these VPN vulnerabilities still dangerous? Can malicious hackers exploit them?

NE: Claroty maintains a responsible disclosure policy; therefore, we made sure all involved vendors have issued updated versions where the vulnerabilities have been fixed. Having said that, Claroty is monitoring internet-facing servers. … We still see hundreds of such servers that have not yet been updated; therefore, they may be exploited to gain access to the networks to which they provide access.

CF: What sort of damage could result from exploiting these VPN vulnerabilities?

NE: The affected VPN-based remote access solutions are used primarily to provide offsite personnel with access to OT networks within industrial enterprises and critical infrastructure – including oil and gas, water utility and electric utility providers – where secure connectivity to remote sites is critical. Successfully exploiting the vulnerabilities would give an attacker direct access to OT field devices and the ability to inflict physical damage to them; for example, shutting down or otherwise disrupting production.

CF: What aren’t organizations doing that they should be doing to protect themselves from these VPN vulnerabilities?

NE: Many organizations don’t realize the unique risks of enabling remote access for OT, as opposed to IT. While the security features of most VPNs make them generally well-suited and secure for IT remote access, such features tend to be …

About the Author