The scope of Ripple20, a set of 19 zero-day vulnerabilities, impressed even seasoned cybersecurity professionals. Not just because several of these vulnerabilities were rated “critical,” enabling remote code execution. But because the flawed code has been embedded in hundreds of millions of Internet of Things (IoT) devices since the 1990s.
Ripple20 was found in Treck’s widely used TCP/IP stack (IPv4, IPv6, and other embedded protocols). Because this stack ships inside IoT device firmware, the flaws affect supply chains in almost every sector, including government, medical, energy, and finance.
The flaw is called “Ripple” because of the “ripple effect.” This one vulnerable component of IoT devices could spread problems across many applications, firms, and industries.
Even worse, many companies that deployed these IoT devices decades ago have been sold or merged. That makes tracking and updating the affected devices complicated — or even impossible.
US-CERT considered the threat of Ripple20 so serious that it issued a national security advisory.
Some device vendors, like HP and Digi, also released security advisories, acknowledging the problem and providing CVEs. Unfortunately, they didn’t tie each CVE to a specific device. This reflects the vast quantity of devices involved, and the inability to prioritize which devices pose the greatest risk.
Risk Hunting Maps Attack Paths and Business Risks
There is some good news.
“Risk Hunting” platforms, like the Epiphany Intelligence Platform, apply Red Team expertise and AI to analyze threats in context with business risks.
A Risk Hunting analysis maps the attack paths that could compromise an asset, like an IoT device. It also visualizes where attacks could go next, based on that asset’s network connections. And it quantifies how those transitions could impact critical business processes.
With that information, cybersecurity teams can prioritize mitigation of the greatest business risks — before an attack can occur.
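As an added illustration of the attack-path mapping and prioritization described above (example code written for this article, not Epiphany’s own implementation), the script below walks a small constructed inventory: each asset carries a business criticality score and a flag for firmware that embeds the affected Treck stack, and each Treck-stack device is ranked by the most critical asset it can reach over the network, with the hop-by-hop path. All asset names, links, and criticality values are hypothetical.

```python
from collections import deque

# Constructed inventory (hypothetical): each asset has a business criticality (1-10)
# and a flag for firmware that embeds the affected Treck TCP/IP stack.
ASSETS = {
    "printer-lobby":   {"treck": True,  "criticality": 1},
    "badge-reader":    {"treck": True,  "criticality": 2},
    "sensor-isolated": {"treck": True,  "criticality": 1},
    "workstation-hr":  {"treck": False, "criticality": 3},
    "hmi-plant":       {"treck": False, "criticality": 5},
    "erp-db":          {"treck": False, "criticality": 9},
}
# Constructed network reachability: which assets each asset can open connections to.
LINKS = {
    "printer-lobby": ["workstation-hr"],
    "badge-reader": ["hmi-plant"],
    "hmi-plant": ["erp-db"],
}

def reachable(start, links):
    """BFS over network links; returns {asset: (hops, predecessor)}."""
    seen = {start: (0, None)}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        for nxt in links.get(node, []):
            if nxt not in seen:
                seen[nxt] = (seen[node][0] + 1, node)
                queue.append(nxt)
    return seen

def path_to(target, seen):
    """Rebuild the hop-by-hop attack path from the BFS predecessor map."""
    path = []
    while target is not None:
        path.append(target)
        target = seen[target][1]
    return path[::-1]

def rank_entry_points(assets, links):
    """For each Treck-stack device, find the most critical asset it can reach,
    the path there, and the total criticality exposed; highest impact first."""
    ranked = []
    for dev, info in assets.items():
        if not info["treck"]:
            continue
        seen = reachable(dev, links)
        worst = max(seen, key=lambda a: assets[a]["criticality"])
        blast = sum(assets[a]["criticality"] for a in seen if a != dev)
        ranked.append({"entry": dev, "worst": worst, "impact": assets[worst]["criticality"],
                       "blast_radius": blast, "path": path_to(worst, seen)})
    return sorted(ranked, key=lambda r: (-r["impact"], -r["blast_radius"], r["entry"]))

if __name__ == "__main__":
    for r in rank_entry_points(ASSETS, LINKS):
        print(f"{r['entry']:16} impact={r['impact']} blast={r['blast_radius']} "
              f"path={' -> '.join(r['path'])}")
```

The output lists the badge reader first because its only link leads, via the plant HMI, to the ERP database; the isolated sensor ranks last because nothing beyond itself is exposed, which is the ordering a mitigation plan would follow.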
A Risk Hunting platform like Epiphany can scale to cover over 50 million systems and devices. (Though at the same time, Epiphany is agentless — it overlays and ingests data from existing systems. So users don’t have to manage any additional services.)