In many ways, Claroty’s Team82 research outfit has set a standard for OT and IoT vulnerability research. Not only have they disclosed more than 500 vulnerabilities since 2018, but they’ve worked closely with vendors on improving product safety and establishing numerous vulnerability disclosure programs.
In this episode of the Nexus podcast, Director of Vulnerability Research Sharon Brizinov and Vulnerability Researcher Noam Moshe discuss their research process, the resources at their disposal, and the threat landscape. Questions for this podcast were submitted by users through Claroty’s social media channels.
Listener questions at the outset dug into Team82’s research process: how the team decides which targets to research, and how it goes about researching them.
“We have a lot of engagements with our customers, so we try to make sure we both understand the market and also our customers’ networks,” Brizinov explained, adding that CISOs and practitioners are often ready to share what their most pressing threats are, and how they may impact the business.
Brizinov explained that unauthorized access to OT networks is a constant theme among those discussions, prompting some of the team’s most successful research projects around, for example, VPN access to remote industrial equipment and locations, as well as bytecode manipulation affecting programmable logic controllers (PLCs), which are at the heart of many automation processes.
“We try to be on top of it and engage in a lot of discussions with our customers but also take a close look at what's going on in the market in terms of new devices, new equipment, and also trends,” he explained. “Attack trends and new attack vectors; we're trying to be on top of things this way.”
Moshe also discussed his involvement in Team82’s research cycle, from device/product targeting to desired research outcomes, such as gaining remote code execution or crashing a device, goals that are not always reached.
“It definitely happens sometimes when you look at a platform, you look at an architecture, you look at a device and you say ‘Yeah, it will be super cool if I can get this primitive,’ for example. And sometimes you don't get it,” Moshe said. “And while it is frustrating, you need to think to yourself and say is it worth it, and should I keep researching it—or maybe I should just refocus and try something else. Maybe look at it from a different angle or maybe put the whole project to a halt.
“So while it does happen, many times we do succeed in our goals and we find some pretty cool vulnerabilities and vulnerability chains,” Moshe continued. “But yeah, it's very very sad every time when a project and you don't get to finish it altogether. But, that's life.”
Michael Mimoso is Director of Influencer Marketing at Claroty and Editorial Director of Nexus.