Kaspersky Lab helps to eliminate seven vulnerabilities in Industrial IoT platform solution
Kaspersky Lab experts have helped to identify and patch seven previously unknown vulnerabilities in the ThingsPro Suite
Kaspersky Lab experts have helped to identify and patch seven previously unknown vulnerabilities in the ThingsPro Suite – an industrial IoT platform, designed for industrial control systems (ICS) data acquisition and remote analysis. Some of the vulnerabilities found could potentially allow threat actors to gain highly priviledged access to industrial IoT gateways and execute deadly commands. All vulnerabilities identified were reported to and patched by platform developer Moxa.
ThingsPro Suite is an industrial internet of things platform that automatically gathers data from Operational Technology (OT) devices running at the industrial facility and submits it to an IoT cloud for further analysis. However, as much as such platforms are useful to ease IIoT integration and maintenance, they can also be dangerous, unless they are developed and integrated with adequate security concerns in mind. As such solutions work as a connecting point between IT and OT security domains, vulnerabilities found in them can potentially allow attackers to gain access to an industrial network.
Within two weeks, Kaspersky Lab ICS CERT security researchers have been conducting a preconceptual study of the product, testing it for vulnerabilities that could be exploited remotely. As a result, seven zero-day vulnerabilities were found. One of the most severe could allow a remote attacker to execute any command on the target IIoT gateway. Another vulnerability made it possible for cybercriminals to gain root privileges, providing the ability to change the device’s configuration. Moreover, its exploitation could be automated, meaning that cybercriminals could automatically compromise multiple Moxa ThingsPro IoT gateways in different enterprises and to even potentially gain access to industrial networks of the organizations.
“ Moxa is a trusted and respected brand in the industrial systems world. However, despite the company’s vast expertise and experience, its new product had a number of vulnerabilities, which shows that it is important even for industry leaders to conduct proper cybersecurity tests. We call on all ICS-product developers to act responsibly, performing regular vulnerability checks, treating the security of solutions for industrial systems as an integral and essential part of development ,” said Alexander Nochvay, security researcher at Kaspersky Lab.
To keep industrial control systems safe, we advise that companies:
- Restrict access of IIoT gateway devices to components of the enterprise’s OT and IT networks to the extent possible;
- Restrict access to IIoT gateway devices from the enterprise network and the internet to the extent possible;
- Set up monitoring of remote access to the enterprise’s OT network, as well as monitoring of access to individual ICS components (workstations, servers, and other equipment) inside the OT network;
- Use solutions designed to analyze network traffic, detect and prevent network attacks – at the boundary of the enterprise network and at the boundary of the OT network;
- Use dedicated solutions to monitor and perform deep analysis of network traffic on the OT network and detect attacks on industrial equipment;
- Ensure the security of hosts on the enterprise’s IT and OT networks using solutions that provide protection from malware and cyberattacks.
- Provide cyber-hygiene training to employees, partners and suppliers who have access to the enterprise’s OT network.
- To assist companies in choosing OT security solutions, world's leading research and advisory company Gartner has released its Competitive Landscape: Operational Technology Security report (Authored by: Ruggero Contu, Published on: 29 October 2018). Kaspersky Lab was cited for its solutions under the following categories: OT endpoint security, OT network monitoring and visibility, anomaly detection, incident response, and reporting, and OT Security Service. To see the full complimentary copy of report please visit the Gartner website .
Read a complimentary copy of the full version of the report on the Kaspersky Lab ICS CERT website .
About Kaspersky Lab
Kaspersky Lab is a global cybersecurity company, which has been operating in the market for over 21 years. Kaspersky Lab’s deep threat intelligence and security expertise is constantly transforming into next generation security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky Lab technologies and we help 270,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.
About Kaspersky Lab ICS CERT
Kaspersky Lab Industrial Control Systems Cyber Emergency Response Team (Kaspersky Lab ICS CERT) is a global project launched by Kaspersky Lab in 2016 to coordinate the efforts of automation system vendors, industrial facility owners and operators, and IT security researchers to protect industrial enterprises from cyberattacks. Kaspersky Lab ICS CERT devotes its efforts primarily to identifying potential and existing threats that target industrial automation systems and the Industrial Internet of Things. During its first year of operation, the team identified over 110 critical vulnerabilities in products by major global ICS vendors. Kaspersky Lab ICS CERT is an active member and partner of leading international organizations that develop recommendations on protecting industrial enterprises from cyberthreats. www.ics-cert.kaspersky.com
Kaspersky Lab helps to eliminate seven vulnerabilities in Industrial IoT platform solution
Kaspersky
Related Articles Press Releases
Updated Kaspersky Security for Mail Server offers advanced content filtering and enhanced visibility for SOC
Kaspersky has announced a significant update to its Kaspersky Security for Mail Server, designed to strengthen systems against emerging email threats. The latest version of Kaspersky Security for Mail Server features advanced functionality for content filtering, quarantine management, and enhanced visibility for Security Operations Centers (SOC).Read More >Innovation journey: Dubai welcomed Kaspersky's Cyber Immunity Conference
Leading cybersecurity experts, scientists, business leaders and government officials from more than 20 countries worldwide have come together for the inaugural international Cyber Immunity Conference. Exploring the complex and evolving cyberthreat landscape the conference provided invaluable insights into the future of our digital age and celebrated the pioneering efforts of the first Cyber Immunity Champions.Read More >Kaspersky Thin Client 2.0: Cyber Immune protection with enhanced connectivity, performance and design
Kaspersky has presented an updated operating system for thin clients that offers enhanced connectivity, higher speed of applications delivery, lower total cost of ownership, user-friendly graphical interface and quick deployment. Kaspersky Thin Client 2.0 is the main component of the Cyber Immune solution for building thin client infrastructure in a wide range of industries, including healthcare, finance, education and manufacturing.Read More >
We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.