Project Memoria Uncovers Persistent Vulnerabilities in Industrial Devices

Project Memoria, the largest research to date on the security posture of TCP/IP stacks, was introduced by Forescout in 2020 in partnership with JSOF Research.

Most organizations are unaware of device vulnerabilities until a threat occurs. This can result in accidental data exposure and leaks that can cause significant harm to the organization.

Threat actors can use device vulnerabilities to carry out dangerous actions such as obtaining escalated user privileges, launching DoS or ransomware attacks, and others. In the Asia Pacific region, 83% of firms have experienced ransomware attacks in the past five years due to device vulnerabilities. As the number of connected devices increases, spending on IoT in the region is expected to reach $437 billion by 2025, putting firms at greater risk.

That's why device vulnerability management is crucial in identifying and closing security gaps before they're exploited by threat actors.

Project Memoria, the largest research to date on the security posture of TCP/IP stacks, was introduced by Forescout in 2020 in partnership with JSOF Research. The research identified around 100 vulnerabilities across 14 TCP/IP stacks and continues to influence future research.

Research Findings

The Project Memoria study revealed that the number of devices with vulnerabilities has gone up by 50% in some cases. One year after the study was published, researchers from Vedere Labs discovered that the number of devices running some vulnerable services had decreased, while for others it had increased. In particular, the number of devices running NicheStack, a stack found vulnerable in INFRA:HALT, had increased by 50%. On the other hand, the number of devices exposed on the internet running the Nucleus FTP server and RTOS had decreased.

Project Memoria highlights the long-term problems the industry faces with supply chain vulnerabilities, which affect hundreds of different products, including medical equipment, gas turbines, network switches, and VoIP phones. The study has also led to the creation of a body of work that provides guidance on how to avoid repeating the same mistakes. However, some of the vulnerabilities are now being exploited by threat actors, and vendor response has been slow and inadequate. This highlights the need for more attention to network segmentation efforts.

The importance of device vulnerability management

A vulnerability management program protects against network breaches caused by well-known vulnerabilities and ensures that the network adheres to all legal and regulatory standards. It scans the network for possible incompatibilities, missed updates, and common software vulnerabilities, and prioritizes any vulnerabilities for repair.

Device vulnerability management goes beyond just reconfiguring settings and patch management. It is a proactive mindset that understands that new vulnerabilities are identified daily and that discovery and remediation must be a continuous process.

Daniel Dos Santos, Head of Security Research at Forescout, said, “Project Memoria came at a time when initiatives for understanding the complexity of software supply chains and how to tame that complexity with tools such as software bills of materials (SBOMs) and automated vulnerability disclosure were starting to gain traction. However, the vulnerabilities in Project Memoria will probably remain an unsolved problem for a long time, due to the fact that often no patches are available because vendors take a long time to publish them, and vulnerable devices continue to be exposed directly to the internet”.

Dos Santos continues, “One of the most important takeaways from the project is that simply identifying vulnerable devices is not enough if no further action can be taken. Mitigation measures such as device visibility, segmentation and exploit detection help with supply-chain vulnerabilities, and organisations must adopt security tools that allow for detection of threats and automated, orchestrated response”.