Project Memoria
Photo Gallery
Project Memoria
Additional Info
Job title of nominated professional (or team name) | Forescout Research Labs |
Company (where nominated professional or team is working) | Forescout Technologies Inc. |
Website | https://www.forescout.com/ |
Company size (employees) | 1,000 to 4,999 |
Country | United States |
Headquarters Region | North America |
Overview
Last year, Forescout Research Labs launched Project Memoria – the most extensive study to date of the security posture of TCP/IP stacks. The research idea came about in May 2020 during a collaboration between Forescout Research Labs and JSOF Research when they discovered the Ripple20 vulnerabilities. Following that endeavor, Forescout’s researchers hypothesized that similar vulnerabilities could exist in other TCP/IP software.
Forescout’s researchers analyzed 14 different TCP/IP stacks, uncovering 97 vulnerabilities [including Ripple20] that could impact 3 billion-plus devices around the globe. Project Memoria’s first disclosure occurred in December 2020 with AMNESIA:33 (33 vulns), followed by NUMBER:JACK (Feb. 2021, 9 vulns); NAME:WRECK (Apr. 2021, 9 vulns); INFRA:HALT (Aug. 2021, 14 vulns); and NUCLEUS:13 (Nov. 2021, 13 vulns).
Aside from finding new vulnerabilities, Project Memoria created awareness around the types of cyberattacks that could occur if those weak points in software were exploited. Elevated awareness for potential attacks means affected organizations can better prepare for security risks they otherwise would not know exist. Considering many of the analyzed TCP/IP stacks have public use cases of high importance (medical devices, wind turbine monitoring systems, remote terminal units (RTUs) and IT storage systems, etc.), organizations that find and fix these vulnerabilities can avoid experiencing severe operational and financial repercussions if such attacks do occur.
Throughout the project, Forescout engaged over 400+ potentially vulnerable vendors to make them aware of issues. The team also reviewed vendors’ patches and helped asset owners identify and mitigate the risks around vulnerable/un-patched devices. Forescout proactively prompted government agencies around the globe to issue critical advisories to prevent as many exploitations as possible. Forescout maintains a page with the full list of these advisories, accessible to everyone online.
Accomplishments
- The scale of this research is unprecedented. It was the largest security research project to date dedicated to understanding the vulnerabilities within TCP/IP stacks used by millions of connected devices. After analyzing 14 different TCP/IP stacks, Forescout’s researchers uncovered 97 vulnerabilities that could impact 3 billion-plus devices around the globe. This group’s work mattered and allowed vendors and asset owners across a variety of industries to realize their own vulnerabilities that otherwise could have gone unnoticed for years.
- An undertaking like this typically requires a large team but this is a small, agile group of 4 researchers with occasional phase partners of a further 1-2 individuals. Yet, despite having a small group, the team still engaged over 400+ potentially vulnerable vendors and helped asset owners identify and mitigate risks around vulnerable but unpatched devices.
- Almost every time this team discovered new vulnerabilities, it prompted government agencies around the globe to issue critical advisories. This was especially critical considering the public use cases for the analyzed TCP/IP stacks that are of high importance (medical devices, wind turbine monitoring systems, remote terminal units (RTUs) and IT storage systems, etc.) as well as severe operational/financial repercussions if the vulnerable devices for those public use cases were exploited.