A new threat called Ripple20 is sending shockwaves through IT departments worldwide.
Ripple20 refers to a set of nineteen zero-day vulnerabilities found in a commonly-used TCP/IP software library developed by Treck Inc. It allows attackers to bypass network address translation (NAT) protections and firewalls to take control of devices undetected, with no user interaction required. Hackers can then conduct remote and denial-of-service (DoS) attacks, take control of devices, and gain access to sensitive information.
The affected library has been incorporated directly or indirectly into millions of devices and systems across every sector. Until security experts close the gaps created by Ripple20 vulnerabilities, businesses and organizations remain highly vulnerable to cyberattacks.
Patching and perimeters don’t adequately address this threat
Patches address many software vulnerabilities, but that’s not an option with Ripple20. Cybersecurity professionals have yet to develop patches for Ripple20 vulnerabilities. And the challenges involved with Ripple20 are unique to this particular Treck stack:
- Device age. Many Internet of Things (IoT) devices that incorporate the Treck library are up to 20 years old. In some cases, the companies that manufactured the products are no longer in existence to alert customers that the library is used in their products. In other cases, the IoT products are outside of maintenance support agreements.
- Budget restrictions. Some device suppliers or software providers decline to patch older products, recommending that organizations buy newer products to resolve the vulnerability issues. However, funding may not exist for such capital expenses.
- Provider reticence. Many device and software providers are being fully transparent about where they incorporated the Treck stack and what they are doing to remedy the Ripple20 vulnerabilities. However, there are also providers that do not want to admit to the problem or do not have resources to investigate the potential exposure.
- Patch problems. Applying a patch to fix a vulnerability may cause problems with how the device operates or how it interacts with other systems. Thorough testing is required to see if updates have unwanted ramifications.
- Partial usage. Some devices incorporated only part of the TCP/IP software library from Treck. This makes it hard to find the code or apply a patch.
- Encrypted code. The Treck stack can be embedded into encrypted source code, hiding it from view and making it even more difficult to understand whether a device is affected by the Ripple20 vulnerabilities.
Given these patching challenges, it’s natural to consider strengthening perimeter security such as firewalls to prevent attacks originating from the outside. But that’s not an option either, because Ripple20 vulnerabilities enable hackers to bypass perimeter security undetected.
But Zero Trust security can contain it
Since patching is problematic and traditional perimeter security is ineffective for Ripple20 vulnerabilities, organizations are looking for more appropriate solutions. Zero trust security – which requires authentication and authorization of every user before granting access to a network – is the right answer. Organizations can implement zero trust swiftly and effectively by establishing a software-defined perimeter (SDP) via identity-driven microsegmentation.
Microsegmentation creates communities of interest (COIs) that rely on encrypted communication tunnels between endpoint members based on trusted identities. Endpoints belonging to a COI cannot initiate or accept communication from non-member endpoints. At the same time, cryptography restricts non-members from intercepting intra-community communications. Microsegmentation replaces the need for firewalls, eliminating risk from the Ripple20 vulnerabilities and protecting all endpoints – including physical systems, virtual machines, IoT devices, and more – from cyber threats.
Here’s an example of zero trust security in action. Connected medical devices such as monitoring equipment and IV pumps deliver critical patient care and improve healthcare provider productivity through automatic data transfer to electronic health record (EHR) systems. They also increase the attack surface, as traditional perimeter-based security may not prevent threats from entering devices and moving throughout the network. The Ripple20 vulnerabilities allow attackers to slip past the perimeter firewall, working their way through medical equipment into the network and onto the EHR servers to steal patient data.
Identifying and patching devices affected by the Ripple20 vulnerabilities may take a long time, if it’s possible at all. But with zero trust security, identifying or patching devices is unnecessary. Instead, microsegmentation isolates EHR servers and connected devices, providing secure access only to authorized users via remote workstations. Encrypted data-in-motion can then flow securely from virtual machines, IoT devices, or IoT gateways all the way to the EHR servers.
Protected by microsegmentation, the healthcare system can prevent and contain unauthorized access to medical devices and patient data while enabling secure, real-time data flow from devices to authorized users and the EHR system. This protects sensitive information from security breaches, safeguards patients, and reduces risk and potential liability.
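The community-of-interest rule described above (endpoints talk only to members of a shared COI, and membership rests on a proven identity rather than a network address) is easy to see in a small policy engine. The following is an added example written for this page; it is not code from the original post or from any vendor's product. All endpoint names, keys and COI names are constructed, and a keyed HMAC over a fresh nonce stands in for the certificate-based identity an SDP agent would present. The scenarios mirror the healthcare case: an IoT gateway reaching the EHR server, an attacker who has IP reachability to the segment but no registered identity, a workstation that is a real identity but outside the device COI, and a replayed handshake.

```python
"""Identity-driven microsegmentation policy check (added example, not vendor code).

The decision never consults the source IP address, so reaching the network
segment (which is all a NAT/firewall bypass yields) grants nothing on its own.
Every name, key and COI below is constructed for illustration.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Constructed identity registry: endpoint identity -> key used to prove it.
IDENTITY_KEYS = {
    "ehr-server-01": b"k-ehr-01",
    "iv-pump-17": b"k-pump-17",
    "iot-gateway-3": b"k-gw-3",
    "nurse-ws-42": b"k-ws-42",
}

# Constructed COI membership. Anything not listed is a non-member.
COI_MEMBERS = {
    "patient-monitoring": {"ehr-server-01", "iv-pump-17", "iot-gateway-3"},
    "clinical-access": {"ehr-server-01", "nurse-ws-42"},
}

# Responder-side memory of nonces already accepted, to reject replays.
USED_NONCES: set = set()


@dataclass(frozen=True)
class ConnectionRequest:
    src_identity: str   # identity the initiator claims
    dst_identity: str   # endpoint being contacted
    src_ip: str         # network address; deliberately ignored by policy
    nonce: bytes        # fresh challenge issued by the responder
    proof: bytes        # HMAC(src_key, nonce || dst_identity) from the initiator


def make_proof(identity: str, dst_identity: str, nonce: bytes) -> bytes:
    """Initiator side: prove possession of the key registered for `identity`."""
    return hmac.new(IDENTITY_KEYS[identity], nonce + dst_identity.encode(),
                    hashlib.sha256).digest()


def identity_verified(req: ConnectionRequest) -> bool:
    """Responder side: recompute the proof with the registered key and compare."""
    key = IDENTITY_KEYS.get(req.src_identity)
    if key is None:
        return False
    expected = hmac.new(key, req.nonce + req.dst_identity.encode(),
                        hashlib.sha256).digest()
    return hmac.compare_digest(expected, req.proof)


def shared_cois(a: str, b: str) -> set:
    return {name for name, members in COI_MEMBERS.items()
            if a in members and b in members}


def authorize(req: ConnectionRequest) -> tuple:
    """Default deny: allow only a verified, fresh identity that shares a COI."""
    if not identity_verified(req):
        return False, "identity proof failed"
    if req.nonce in USED_NONCES:
        return False, "replayed nonce"
    USED_NONCES.add(req.nonce)
    if req.dst_identity not in IDENTITY_KEYS:
        return False, "unknown destination identity"
    common = shared_cois(req.src_identity, req.dst_identity)
    if not common:
        return False, "no shared community of interest"
    return True, f"allowed via COI {sorted(common)[0]}"


def run_scenarios() -> dict:
    """Constructed requests against the EHR server and an IV pump."""
    results = {}
    # 1. Gateway in the patient-monitoring COI -> EHR server: allowed.
    n1 = secrets.token_bytes(16)
    gw = ConnectionRequest("iot-gateway-3", "ehr-server-01", "10.0.5.3", n1,
                           make_proof("iot-gateway-3", "ehr-server-01", n1))
    results["gateway_to_ehr"] = authorize(gw)
    # 2. Same handshake presented again: rejected as a replay.
    results["gateway_replay"] = authorize(gw)
    # 3. Attacker on the segment spoofs the gateway's IP but holds no key.
    n3 = secrets.token_bytes(16)
    spoof = ConnectionRequest("iot-gateway-3", "ehr-server-01", "10.0.5.3",
                              n3, b"\x00" * 32)
    results["spoofed_gateway"] = authorize(spoof)
    # 4. Nurse workstation is a real identity but not in the device COI.
    n4 = secrets.token_bytes(16)
    ws = ConnectionRequest("nurse-ws-42", "iv-pump-17", "10.0.9.42", n4,
                           make_proof("nurse-ws-42", "iv-pump-17", n4))
    results["workstation_to_pump"] = authorize(ws)
    return results


if __name__ == "__main__":
    for name, (ok, why) in run_scenarios().items():
        print(f"{name:22s} {'ALLOW' if ok else 'DENY ':5s} {why}")
```

The point of the design is that every denial happens without reference to where the packet came from: the spoofed request fails because the attacker cannot produce the gateway's proof, and the workstation fails because COI membership, not reachability, is what grants access. A real deployment would use certificates and an authenticated, encrypted tunnel in place of the HMAC stand-in, but the decision logic is the same.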
Stronger, streamlined security – instantly
Ripple20 consists of zero-day vulnerabilities – wide open to exploitation by hackers. Yet even if an organization has thousands of affected devices, the risk can be eliminated in one move by implementing zero trust security through microsegmentation.
Microsegmentation protects every device and endpoint from Ripple20 vulnerabilities, regardless of whether the affected code is identified or not, present in whole or in part, patched or unpatched. It also provides security regardless of device location or mobility.
The zero trust approach authenticates and authorizes every user every time. And microsegmentation isolates devices instantly to contain an attack and minimize impact.
In addition to addressing vulnerabilities, this approach relieves IT security staff of the need to patch thousands of devices, freeing them to concentrate on value-added activities. It layers seamlessly on top of existing security solutions, avoiding the need for rip-and-replace efforts. And it reduces security costs by reducing the need for ACLs, firewalls, VLANs, and VPNs.
Left unaddressed, Ripple20 leaves organizations vulnerable to a tidal wave of cyberattacks. With microsegmentation that delivers zero trust security, organizations can get ahead of this tsunami, protecting all devices, systems, endpoints, and data instantly.