Researchers discover that one in three IT environments are vulnerable to Ripple20 threat

Published: Friday, 11 September 2020 08:34

ExtraHop has issued a report warning of the potential impact of Ripple20 vulnerabilities if affected software goes undetected and unpatched. Analyzing data across its customer base, ExtraHop threat researchers found that 35 percent of IT environments are vulnerable to Ripple20.

The Ripple20 threat is a series of 19 vulnerabilities found in the Treck networking stack, a low-level TCP/IP software library developed by Treck Inc. that is commonly used by device manufacturers across many industries, including utilities, healthcare, government, and academia. The impact of this threat ‘ripples’ through complex software supply chains, making it a difficult vulnerability to mitigate.

The JSOF threat research organization found the Ripple20 vulnerability (CVE-2020-11901) in June 2020 and provided the details to impacted device manufacturers and security vendors to give them time to deploy patches and create detections before releasing their findings to the general public. The ExtraHop threat research team studied customer data and discovered vulnerable software in one out of every three IT environments. With industry average dwell times hovering around 56 days, these devices are ‘a ticking time bomb if left alone’, according to ExtraHop. ExtraHop experts predict that this exploit will be widely used by attackers as an easy backdoor into networks across industries around the globe.

ExtraHop says that organizations can take a number of steps to help mitigate the risk from Ripple20:
