INFRA:HALT vulnerabilities impact the closed source TCP/IP stack NicheStack that is used in millions of Operational Technologies and Industrial Control Systems, especially in the discrete and process manufacturing industries. Among the vulnerabilities are DNS cache poisoning, TCP spoofing, Denial of Service and Remote Code Execution. Successful attacks can result in taking OT and ICS devices offline and having their logic hijacked. Hijacked devices can spread malware to where they communicate on the network.
Forescout Research Labs partnered with JFrog Security Research to disclose INFRA:HALT, a set of 14 new vulnerabilities affecting the HCC-owned, closed source TCP/IP stack NicheStack. NicheStack was originally developed by InterNiche Technologies and has been in use for 20 years across critical infrastructure sectors. Nearly all major industrial automation vendors incorporate NicheStack in their products and solutions.
On today’s No Name Security Podcast, Matt Stephenson welcomes Forescout Researchers Daniel dos Santos, Stanislav Dashevskyi and Engineer Anil Mahale for a discussion of Forescout's and JFrog’s joint research project INFRA:HALT. We dive into what the NicheStack TCP/IP stack is, how it is vulnerable and what that means to the cybersecurity world and you. Seems like some pretty esoteric stuff, yeah? You’ll be surprised how much this impacts your life.
About Daniel dos Santos
Daniel dos Santos is a Research Manager at Forescout Technologies, where he leads a vulnerability and threat research team. He also collaborates on the research and development of innovative features for network security monitoring.
Daniel holds a PhD in computer science from the University of Trento, Italy, and has published over 30 journal and conference papers on cybersecurity. He has experience in software development, security testing, and research
About Stanislav Dashevskyi
Stan earned his Master's degree in Automation and Control Systems from the National Mining University of Ukraine, and his Ph.D. from the International Doctorate School in Information and Communication Technologies at the University of Trento
About Anil Mahale
Anil Mahale is a Software Engineering Manager at Forescout Technologies. He has over 10 years in the cybersecurity industry both on the product development and engineering side as well as threat and vulnerability research.
Anil earned his Masters in Computer Science at the University of Texas at Dallas and his Bachelors in Electronics and Communications Engineering at Visvesvaraya Technological University
About Matt Stephenson
Matt Stephenson (@packmatt73) leads the Social Media team at Forescout, which puts me in front of people all over the world. Prior to joining Forescout, I hosted podcasts, videos and live events all over the world which put me with experts on every corner of the cybersecurity landscape. The new No Name Security Podcast will continue and expand upon that tradition as we seak out the leading minds in the security industry as well as those may break things every now again. And… just for fun, there will be some wildcard guests as well.
In 10 years in the ecosystem of Data Protection and Cybersecurity I have toured the world extolling the virtues of Artificial Intelligence and Machine Learning and how, when applied to information security, these technologies can wrong-foot the bad guys. Prior to the COVID shutdown, I was on the road over 100 days a year doing live malware demonstrations for audiences from San Diego to DC to London to Abu Dhabi to Singapore to Sydney. One of the funniest things I've ever been a part of was blowing up a live instance of NotPetya 6 hours after the news broke... in Washington DC... directly across the street from FBI HQ... as soon as we activated it a parade of police cars with sirens blaring roared past the building we were in. I'm pretty sure they weren't there for us, but you never know...
Whether at in person events, live virtual events or podcasting, I get to interview interesting people doing interesting things all over the world of cybersecurity and the extended world of hacking. Sometimes, that means hacking elections or the coffee supply chain... other times that means social manipulation or the sovereign wealth fund of a national economy.
Wherever I go, my job is all about talking with the people who build, manage or wreck the systems that we have put in place to make the world go round...
If you tuned in to any of my previous podcasts, there’s great news! The No Name Security Podcast is here! I will be bringing the same kind of energy and array of guests you know and love. Best part? We’re still at the same spot. You can find it at Spotify, Apple, Amazon Music & Audible as well as, GooglePlay, Gaana, Himalaya, I Heart Radio and wherever you get your podcasts!
Make sure you Subscribe, Rate and Review!