Forescout, JFrog reveal new vulnerabilities in industrial systems, showing challenges in edge network, device security

One of the big challenges in understanding how widespread the problem is relates to the age of the software. This particular implementation of the TCP/IP software has been around since at least 1996, according to Forescout, and the company that commercialized it was acquired in 2016 by HCC Embedded.

Another challenge: the software was used by OEMs such as Altera (Intel), Microchip, Freescale (NXP), and STMicroelectronics for use with a variety of operating systems. Forescout noted that NicheStack also served as the foundation for other TCP/IP stacks, such as SEGGER’s emNet.

This can make tracking down software instances a ‘needle in the haystack’ type problem. Based on proprietary and public databases, Forescout reported finding over 6400 instances of the software running.

Securing edge devices and networks is a daunting task

The NicheStack vulnerabilities are only the latest example of security challenges facing all manner of industries. Global cyberattack activity increased 125% in the first half of 2021 compared to the same period a year ago, according to a new report from the Accenture Cyber Investigations, Forensics & Response (CFIR).

Ransomware attacks account for 38% of security incidents so far in 2021.

The U.S. Government recently published a memorandum detailing efforts to improve security around critical infrastructure such as pipelines following a ransomware attack on Colonial Pipeline in May that forced the U.S. company to shut down approximately 5,500 miles of pipeline. The company later paid $5 million ransom to the cybercriminals in order to restart operations.

Article Topics

edge device  |  edge network  |  embedded systems  |  Forescout  |  IT/OT  |  JFrog  |  network security  |  OCS  |  ransomware