ICS Advisory Recap: How to Mitigate Today’s Most Prevalent Cyber Risks

Posted on April 23, 2022
Author: RunSafe Security

Table of Contents:

ICS Advisory Recap: How to Mitigate Today’s Most Prevalent Cyber Risks

Recent ICS-CERT Advisories

How RunSafe Protects Against These Attacks

Prioritize Cybersecurity and Reduce Attack Surface with RunSafe

At RunSafe Security, we appreciate the tremendous work the Cybersecurity and Infrastructure Security Agency (CISA) performs to help our nation be more resilient.

In fact, we recently released our Attack Surface Reduction Index™ model to help organizations identify and prioritize which software to protect against exploits targeting critical infrastructure and open-source software. The ASRI model, if you have not seen it yet, is based on the National Vulnerability Database, incorporating recency, frequency, and severity of exploits targeting devastating vulnerabilities in proprietary and open-source software.


It turns out that memory-based attacks are the most common and most severe types of attacks challenging our critical infrastructure. Along the way, our internal RunSafe team has grown accustomed to the regular ICS-CERT Advisories CISA delivers, and we sometimes forget to share how we prevent the related attacks. So we thought it would be worthwhile to review some recent advisories and explain how RunSafe’s advanced security techniques protect against devastating memory-based exploits even when a patch is not available.

Recent ICS-CERT Advisories

These recent ICS-CERT Advisories focus on software vulnerabilities and highlight how important it is to protect your organization from outside threats. Supply chain vulnerabilities are a significant threat and should be addressed quickly and efficiently. 

Hitachi Energy e-mesh EMS (ICSA-22-090-02)  

Original release date: March 31, 2022

This ICS Advisory was issued for Hitachi Energy’s e-mesh EMS software. The attack has low attack complexity and is easy to deploy remotely, and it stems from Node.js vulnerabilities.

The vulnerabilities identified are Improper Restriction of Operations Within the Bounds of a Memory Buffer, Use After Free, and Uncontrolled Resource Consumption. If exploited, attackers could gain control of systems and create denial-of-service conditions.

Mitigations

It is essential to protect internet-enabled devices and open-source software from attacks originating from outside the network. It is possible to reduce the IoT attack surface with embedded device protection software. IoT devices are difficult to patch, and attacks can lead to costly downtime. 

Built-in security that doesn’t require changes to source code is essential. Such protections can be built directly into the build process with CODE. For actively maintained open-source software, REPO can provide pre-hardened code for additional protection.

DevSecOps tools like Alkemist can provide memory protection prior to deployment and passively block Zero-Day exploits to prevent memory corruption by immunizing software and providing ongoing monitoring. 

Siemens SINEC INS (ICSA-22-069-09) 

Original release date: March 10, 2022

This ICS Advisory identifies a low-complexity, remotely deployable attack on Siemens SINEC INS. The attack exploited vulnerabilities in the supply chain: 71 third-party components were affected due to vulnerabilities in Node.js, cURL, SQLite, CivetWeb, and DNS (ISC BIND).

Supply chain threats are some of the most common attacks DevSecOps teams deal with. Third-party connections provide a vast attack surface as open-source code from suppliers is often riddled with hidden vulnerabilities that can then be passed into your systems. In fact, supply chain threats are considered the greatest emerging threats to the industry. 

Mitigations

Inoculating systems against hardware and software supply chain vulnerabilities is absolutely essential for software security. You cannot rely on third-party cybersecurity measures to protect your systems. 

Always verify supply chain protection, but take it further and eliminate security dependence on suppliers. Limit your exposure to open-source vulnerabilities with a security solution that understands the risks that come from outside suppliers. 

Alkemist can protect against threats throughout the development lifecycle—even when you don’t have source code. 

Wibu-Systems CodeMeter (Update F) (ICSA-20-203-01)

Original release date: March 10, 2022

This ICS Advisory for Wibu-Systems AG CodeMeter again identifies a low-complexity, remotely exploitable attack on open-source software. This attack targeted several vulnerabilities, including Buffer Access with Incorrect Length Value, Inadequate Encryption Strength, Origin Validation Error, Improper Input Validation, Improper Verification of Cryptographic Signature, and Improper Resource Shutdown or Release.

The exploitable vulnerabilities would allow attackers to gain access to systems and wreak havoc. Denial-of-service conditions and hindrance of dependent third-party software were just some of the expected outcomes should an attack be successfully deployed. 

Mitigations

This advisory once again highlights the importance of supply chain security. There were nearly a dozen additional security advisories tied to the CodeMeter advisory. Vulnerabilities in a single third-party supplier negatively impacted multiple other software products.

Relying on third-party cybersecurity measures, or failing to add security measures within your own software, leaves an untold number of vulnerabilities open to exploitation. More than half of organizations that experienced a breach identified supply chain vulnerabilities as the precursor.

Security solutions like Alkemist can prevent attacks from third-party vulnerabilities, shrinking attack surfaces and limiting the opportunity for damage and interruptions. 

Multiple Data Distribution Service (DDS) Implementations (Update A) (ICSA-21-315-02)

Original release date: February 01, 2022

As with the previous advisories, this ICS Advisory identifies a low-complexity, remotely exploitable attack. This particular advisory impacts multiple open-source Object Management Group (OMG) Data Distribution Service (DDS) implementations.

Vendors affected include Eclipse, eProsima, GurumNetworks, Object Computing, Inc. (OCI), Real-Time Innovations (RTI), and TwinOaks Computing. Equipment affected includes CycloneDDS, FastDDS, GurumDDS, OpenDDS, Connext DDS Professional, Connext DDS Secure, Connext DDS Micro, and CoreDX DDS.

The vulnerabilities are Write-what-where Condition, Improper Handling of Syntactically Invalid Structure, Network Amplification, Incorrect Calculation of Buffer Size, Heap-based Buffer Overflow, Improper Handling of Length Parameter Inconsistency, Amplification, and Stack-based Buffer Overflow. If successfully exploited, these vulnerabilities can result in denial-of-service or buffer-overflow conditions. 

Mitigations

DDS is the standard for securing Industrial Internet of Things (IIoT) systems in real time. Unfortunately, even industry standards can have vulnerabilities that significantly impact your systems.

The industries that utilize OMG DDS simply cannot risk vulnerabilities like these being exploited. Employing additional security measures within your own software is absolutely essential. 

Reducing the IIoT attack surface with solutions like Alkemist will inoculate systems and IIoT devices against hardware and software supply chain vulnerabilities. Prevent attackers from deploying malware, stealing trade secrets, or threatening national security by closing third-party vulnerabilities.

How RunSafe Protects Against These Attacks

RunSafe Alkemist products immunize software and provide continuous monitoring of your system’s health. Our suite of products allows you to implement protections throughout the software development life cycle without impacting your code.

CODE

CODE is an excellent DevSecOps tool. This technology allows developers to insert protection at build time without disrupting release schedules. Keep developers focused on what needs to get done and leave the security to RunSafe with a cybersecurity solution that provides built-in security from the start. 

REPO

Download pre-hardened software and eliminate your exposure to cyber attacks. Add patented runtime cyber protections directly into your open-source software to secure critical infrastructure and prevent vulnerability exploitation. With REPO, you can stay protected and save both time and resources. 

FLARE

Don’t expose yourself to damaging attacks and costly service disruptions. Current scanning technology misses 50% of vulnerabilities, and runtime application monitoring technology misses many indicators of lurking threats. FLARE doesn’t. Continuously monitor the health of your systems, flag potential threats, and mitigate risk automatically with FLARE.

Prioritize Cybersecurity and Reduce Attack Surface with RunSafe

Every business is under a constant threat of cyber attack. Prioritizing cybersecurity prevents vulnerabilities from damaging critical infrastructure—as well as your reputation. 

DevSecOps tools like embedded device protection software or cloud workload protection software are necessary in-house. Don’t rely on third-party cybersecurity or simple firewalls when it comes to open-source software and IoT.

Render threats inert with RunSafe’s Alkemist. 

No matter where you are in your software’s development life cycle, Alkemist can minimize the attack surface and protect against memory-based attacks that could cripple your organization. Try it for free today and see how RunSafe can keep your open-source software protected against threats from any angle.

FAQs:

What are the most common types of attacks on infrastructure?

It turns out that memory-based attacks are the most common and most severe types of attacks challenging our critical infrastructure.

Why is prioritizing cybersecurity important?

Every business is under a constant threat of cyber attack. Prioritizing cybersecurity prevents vulnerabilities from damaging critical infrastructure—as well as your reputation. 

Can RunSafe help me prevent software exploitation and other breaches?

No matter where you are in your software’s development life cycle, Alkemist can minimize the attack surface and protect against memory-based attacks that could cripple your organization.