When a major vulnerability recently was found in VxWorks, it may not have hit the radar screen of most IT departments. But for organizations in the automated process control and building automation sectors, the news was troubling. And even more troubling is that hundreds of thousands of organizations don't know they could now be at risk to VxWorks-borne cyberattacks.
The scale of the risk posed by the VxWorks TCP/IP stack vulnerability is the subject of a new report from Kovrr, a firm that analyzes risk for the insurance and financial industries. The report, scheduled to be made public this week, points out that VxWorks is embedded in more than 2 billion devices. Shalom Bublil, co-founder and chief risk officer at Kovrr, says the pervasiveness of Vxworks was eye-opening.
"The surprising thing is the sheer popularity of the operating system embedded in many other devices that are common in manufacturing. This was a surprise to us and I believe it will be a surprise to others as well," Bublil says.
While most IT risk scenarios focus on data loss, the report says that the greatest impact of an exploit targeting this vulnerability could be business interruption — an attack on the ability of a business to deliver products and serve the needs of their customers.
The Kovrr report doesn't name any specific companies vulnerable to such an attack, but it includes companies large enough to have an impact on global stock markets and gross domestic products are affected. The rep ..
Support the originator by clicking the read the rest link below.
