Numerous servers are still vulnerable to exploitation.
Claroty has discovered VPN vulnerabilities that could threaten industries like oil and gas, water and electric utilities.
The VPNs provide access to the operational technology (OT) networks that these industries use. And while updates have been issued to fix the VPN vulnerabilities, numerous servers are still vulnerable to exploitation.
The National Security Agency warns that VPN vulnerabilities could pose a threat if not properly secured. The agency’s warning came amid a surge in remote work as organizations adapted to COVID-19 related office closures and other constraints.
As remote work persists in industries that use OT networks, the VPN approach for remote security might not be as secure as previously believed. The findings from Claroty note that vulnerable remote access servers can be highly effective attack surfaces for threat actors targeting VPNs.
To find out more about these VPN vulnerabilities, we spoke with Nadav Erez, research team lead at Claroty.
Channel Futures: How did Claroty discover these VPN vulnerabilities?
Nadav Erez: The Claroty research team constantly tracks global trends in security. We inspect possible attack surfaces in our customers’ networks. In the past few months, we have seen a great increase in the use of remote access solutions that lead directly into OT networks, and as the usage increases, so does the exposure to vulnerabilities in these types of platforms. Based on that, we chose to deeply investigate several products that are widely used in different OT domains. Once we identified these products as Moxa’s EDR-G902/3, Secomea’s GateManager, and HMS Networks’ eWon solution, we further investigated them to discover those reported vulnerabilities.
CF: Are these VPN vulnerabilities still dangerous? Can malicious hackers exploit them?
NE: Claroty maintains a responsible disclosure policy; therefore, we made sure all involved vendors have issued updated versions where the vulnerabilities have been fixed. Having said that, Claroty is monitoring internet-facing servers. … We still see hundreds of such servers that have not yet been updated; therefore, they may be exploited to gain access to the networks to which they provide access.
CF: What sort of damage could result from exploiting these VPN vulnerabilities?
NE: The affected VPN-based remote access solutions are used primarily to provide offsite personnel with access to OT networks within industrial enterprises and critical infrastructure – including oil and gas, water utility and electric utility providers – where secure connectivity to remote sites is critical. Successfully exploiting the vulnerabilities would give an attacker direct access to OT field devices and the ability to inflict physical damage to them; for example, shutting down or otherwise disrupting production.
CF: What aren’t organizations doing that they should be doing to protect themselves from these VPN vulnerabilities?
NE: Many organizations don’t realize the unique risks of enabling remote access for OT, as opposed to IT. While the security features of most VPNs make them generally well-suited and secure for IT remote access, such features tend to be …