Remote work solutions have helped many companies remain operational during the Covid-19 pandemic. However, many companies had to adapt to such technologies too rapidly. They put all their trust in end-user VPNs for their cybersecurity needs.
But apparently, VPN solutions for remote security may not be as safe as previously perceived. According to a recent blog post by Claroty, such news is especially troubling as the work-from-home situation continues to be part of life.
My team and I at Pure IT work with many Oil and Gas companies helping them with their IT systems and IT solutions.
The Role of Remote Code Execution (RCE) Vulnerabilities
VPN implementations have worked flawlessly for years. However, they are also prone to RCE vulnerabilities. This presents a growing concern, since VPN solutions secure remote access to the operational technology (OT) systems of oil, gas and utility companies.
There could even be ramifications for industrial control systems (ICS). Such systems are essential to the energy sector since they allow Calgary energy utility operators and third-party suppliers to monitor and maintain their systems.
This also enables them to dial into end-consumer sites. Successful cyberattacks on such vital systems could have disastrous effects that could trickle down to every other industry and consumer.
Vulnerable Remote Access Servers: Ideal Platform for Launching VPN Attacks
Remote access servers provide clients with encrypted tunnels to a server. In recent years, there has been a rapid shift from client- and field-based solutions to cloud-based options. However, recent tests have revealed critical security threats to all these solutions.
Such threats stem from flaws like improper handling of client HTTP requests on remote cloud gate managers such as Secomea. If such a defect is exploited successfully, it could grant an attacker unrestricted access to an oil or gas company’s internal network. The attacker could also decrypt all incoming VPN traffic.
Is There a Cause For Alarm?
The researchers at Claroty found even more alarming vulnerabilities in Moxa’s EDR-G902/3 series of industrial VPN servers. They discovered that an attacker could trigger a stack-based overflow vulnerability using a specially crafted HTTP request.
Such a bug also allows attackers to carry out RCE without the need for passwords or other security credentials. They could also trigger a DDoS-scale attack by using a large cookie to cause stack overflows that overwhelm the system.
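To show why an oversized cookie in an HTTP request can corrupt the stack, here is an added example (not from Claroty's post and not Moxa's code) that sets the unsafe copy pattern beside a bounded parser that rejects oversized values. The cookie name `sid`, the 64-byte buffer and both function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SESSION_MAX 64 /* assumed buffer size; not taken from any vendor's code */

/* Unsafe pattern, shown for contrast and never called: the cookie length is
 * chosen by the client, so strcpy can write past buf and corrupt the stack. */
void read_session_unsafe(const char *cookie_value)
{
    char buf[SESSION_MAX];
    strcpy(buf, cookie_value); /* no length check */
    (void)buf;
}

/* Hardened form: locate "name=" in a Cookie header value, measure the value
 * first, and reject it if it does not fit (no silent truncation).
 * Returns the value length, -1 if the cookie is absent, -2 if oversized. */
int read_cookie_bounded(const char *header, const char *name,
                        char *out, size_t out_size)
{
    size_t name_len = strlen(name);
    const char *p = header;
    while (*p) {
        while (*p == ' ' || *p == ';') p++; /* skip pair separators */
        const char *end = strchr(p, ';');
        size_t pair_len = end ? (size_t)(end - p) : strlen(p);
        if (pair_len > name_len && p[name_len] == '=' &&
            strncmp(p, name, name_len) == 0) {
            size_t val_len = pair_len - name_len - 1;
            if (val_len >= out_size) return -2; /* would overflow: reject */
            memcpy(out, p + name_len + 1, val_len);
            out[val_len] = '\0';
            return (int)val_len;
        }
        p += pair_len; /* advance to the next ';' or the end of the string */
    }
    return -1;
}

int main(void)
{
    char sid[SESSION_MAX];
    /* Constructed sample header value, not captured traffic. */
    int n = read_cookie_bounded("lang=en; sid=abc123", "sid", sid, sizeof sid);
    printf("sid length: %d\n", n);
    return n == 6 ? 0 : 1;
}
```

A request handler that gets -2 back should answer with an HTTP error and log the event, since an oversized cookie on a management interface is worth alerting on.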
eCatcher remote access solutions (ICS) are also susceptible to similar vulnerabilities. Such attacks can be triggered by opening emails or visiting suspicious sites that contain malware. This results in a stack-buffer vulnerability (CVE-2020-14498). In a worst-case scenario, such attacks could have crippling effects on Calgary’s oil and gas companies.
Actions Taken to Secure Networking Systems from VPN Vulnerabilities
Fortunately, at least someone caught wind of such vulnerabilities before they posed a greater danger to core oil and gas facilities in Calgary. Claroty took further steps towards a solution by notifying the solution providers concerned.
Here are some of the measures taken thus far:
- Secomea created a patch for the critical vulnerability CVE-2020-14500. This downloadable update has been available since July 16, 2020.
- Moxa provided a patch for CVE-2020-14511, which has been available since June 9, 2020.
- eWon also created a fix for the HMS Networks issues; it has been available since mid-July 2020.
The Canadian Centre for Cyber Security (CCCS) has conducted assessments that revealed more vulnerabilities in other systems. Such systems include both OT and those with a direct internet connection. Their findings led to national advisories for dealing with the issue.
Staying engaged in the problem is the best way to find a lasting solution. Moving forward, everyone hopes that oil and gas companies adhere to such advisories. This is the best way to keep our critical infrastructure safe from malicious cyber-attacks that could hold our nation at ransom.