Claroty launches research arm Team82

Latest vulnerabilities found by Claroty’s Team82 highlight rise of ICS in the cloud

Claroty has launched Team82, the company’s research arm that provides vulnerability and threat research to its customers and defenders of industrial networks worldwide. Additionally, Team82 released a new report on critical vulnerabilities found in cloud-based management platforms for industrial control systems (ICS), highlighting the rise of ICS in the cloud and the growing need to secure cloud implementations in industrial environments.

Team82, formerly known as The Claroty Research Team, is known for its development of industrial threat signatures, protocol analysis, and discovery of ICS vulnerabilities. With a total of 146 vulnerability discoveries and disclosures to date, the ICS vulnerability research developed and released signatures for the Ripple20 and Wibu-Systems CodeMeter vulnerabilities and the threat actors that target them. Equipped with an ICS testing lab, the team works with industrial automation vendors to evaluate the security of their products.

In its latest report, Top-Down and Bottom-Up: Exploiting Vulnerabilities in the OT Cloud Era, Team82 researched the exploitability of cloud-based management platforms responsible for monitoring ICS, and developed techniques to exploit vulnerabilities in automation vendor CODESYS’ Automation Server and vulnerabilities in the WAGO PLC platform. Team82’s research mimics the top-down and bottom-up paths an attacker would take to either control a Level 1 device to eventually compromise the cloud-based management console, or the reverse, commandeer the cloud to manipulate all networked field devices.

Amir Preminger, vice-president research at Claroty, said: “Team82’s latest research was motivated by the reality that organisations in the Industry 4.0 era are incorporating cloud technology into their OT and IIoT for simplified management, better business continuity, and improved performance analytics. To fully reap these rewards, organisations must implement stringent security measures to secure data in transit and at rest, and lock down permissions.”

The new Team82 Research Hub includes the team’s latest research reports, a vulnerability dashboard for tracking the latest disclosures, its coordinated disclosure policy for working with affected vendors, its public PGP Key for securely and safely exchanging vulnerability and research information, and other resources.