Cybersecurity News in Asia

RECENT STORIES:

SEGA moves faster with flow-based network monitoring
Survey recaps well-known cybersecurity hurdles for Operational Technol...
AI model o3 defies shutdown commands autonomously, with code tampering
ATxEnterprise 2025 Boosts Global Participation, Reinforces Singapore&#...
Will your organization’s defenses be breached due to your suppliers’ w...
Ransonware attack cripples computational software at the worst possibl...
LOGIN REGISTER
CybersecAsia
  • Conference 2025
  • Features
    • Featured

      Will your organization’s defenses be breached due to your suppliers’ weak cybersecurity?

      Will your organization’s defenses be breached due to your suppliers’ weak cybersecurity?

      Thursday, May 29, 2025, 5:04 PM Asia/Singapore | Features, Newsletter
    • Featured

      How the UAE proactively protects its digital economy

      How the UAE proactively protects its digital economy

      Monday, May 19, 2025, 2:16 PM Asia/Singapore | Features
    • Featured

      Navigating blockchain adoption amid rising security challenges

      Navigating blockchain adoption amid rising security challenges

      Wednesday, May 14, 2025, 12:32 PM Asia/Singapore | Features
  • Opinions
  • Tips
  • Whitepapers
  • Awards 2024
  • Directory
  • E-Learning

Select Page

LOGIN REGISTER
  • Conference 2025
  • Features
    • Featured

      Will your organization’s defenses be breached due to your suppliers’ weak cybersecurity?

      Will your organization’s defenses be breached due to your suppliers’ weak cybersecurity?

      Thursday, May 29, 2025, 5:04 PM Asia/Singapore | Features, Newsletter
    • Featured

      How the UAE proactively protects its digital economy

      How the UAE proactively protects its digital economy

      Monday, May 19, 2025, 2:16 PM Asia/Singapore | Features
    • Featured

      Navigating blockchain adoption amid rising security challenges

      Navigating blockchain adoption amid rising security challenges

      Wednesday, May 14, 2025, 12:32 PM Asia/Singapore | Features
  • Opinions
  • Tips
  • Whitepapers
  • Awards 2024
  • Directory
  • E-Learning
News

How vulnerable are the routers used in some ASEAN operational/IoT environments?

By CybersecAsia editors | Monday, August 19, 2024, 4:53 PM Asia/Singapore

How vulnerable are the routers used in some ASEAN operational/IoT environments?

One firmware analysis of popular OT/IoT routers in parts of ASEAN suggests some trends in risk exposure levels embedded in firmware

Based on Dec 2023 analyses of firmware images from 39 manufacturers of OT/IoT network equipment available on the internet*, a cybersecurity firm has announced its findings about routers used in operational technology (OT) and IoT systems.

First, the analyzed images contained outdated software components that were linked to existing (“n-day”) vulnerabilities. The “popular” OT/IoT router firmware images analyzed had an average of 20 exploitable n-day vulnerabilities affecting the kernel, with widening security gaps. 

Second, based on extrapolations of the market reach of the manufacturers of the analyzed firmware images, the firm asserts there are 22m exposed devices in the ASEAN region, with those in Singapore being the most exposed OT/internet connection sharing devices (and the highest percentage of exposed IT devices), followed by those in Vietnam, Thailand, Malaysia and Indonesia. The disclaimer is that countries with the most exposed devices in the analysis were not necessarily the most compromised.

Third, in terms of compromised/malicious IP addresses, the rankings for the four relevant ASEAN router manufacturers in the analysis were, in descending order, Vietnam (31.89%), Thailand (20.86%), Indonesia (18.28%) and Singapore (11.79%).

Fourth, a key finding was that there has been a decline in routers being released with default login credentials (such as ID: admin, PW: admin). However, there were numerous issues of custom patching by vendors that “do not change component versions and create confusion about what is actually vulnerable.”

According to Barry Mainz, CEO, Forescout, the firm that publicized the commissioned analysis: “To effectively mitigate risks in an environment increasingly dominated by OT and Internet of Things, we need a comprehensive asset inventory that identifies crucial details through both passive and active methods. Integrating this data with Software Bills of Materials helps us deliver targeted risk information and enforce security measures essential for protecting our digital infrastructure.”

*a total of 290 firmware images narrowed down to include only devices that function as cellular routers, have firmware images that can be automatically analyzed, and are relatively popular (based on results from the Shodan search engine). From this refined list, five firmware images were shortlisted.

Share:

PreviousHave your organization’s Windows systems been patched yet?
NextMaking sense of the EU AI Act of August 2024

Related Posts

Foiling ransomware is easy, but what about the double-threat kind?

Foiling ransomware is easy, but what about the double-threat kind?

Friday, October 1, 2021

Chinese espionage APT expands to target Africa and the Caribbean

Chinese espionage APT expands to target Africa and the Caribbean

Thursday, May 30, 2024

Why did enterprises pay off ransomware groups and motivate them even more?

Why did enterprises pay off ransomware groups and motivate them even more?

Friday, July 23, 2021

Severe vulnerability of engineering stations by one manufacturer disclosed

Severe vulnerability of engineering stations by one manufacturer disclosed

Tuesday, March 2, 2021

Leave a reply Cancel reply

You must be logged in to post a comment.

Voters-draw/RCA-Sponsors

Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
previous arrow
next arrow

CybersecAsia Voting Placement

Gamification listing or Participate Now

PARTICIPATE NOW

Vote Now -Placement(Google Ads)

Top-Sidebar-banner

Whitepapers

  • 2024 Insider Threat Report: Trends, Challenges, and Solutions

    2024 Insider Threat Report: Trends, Challenges, and Solutions

    Insider threats continue to be a major cybersecurity risk in 2024. Explore more insights on …Download Whitepaper
  • AI-Powered Cyber Ops: Redefining Cloud Security for 2025

    AI-Powered Cyber Ops: Redefining Cloud Security for 2025

    The future of cybersecurity is a perfect storm: AI-driven attacks, cloud expansion, and the convergence …Download Whitepaper
  • Data Management in the Age of Cloud and AI

    Data Management in the Age of Cloud and AI

    In today’s Asia Pacific business environment, organizations are leaning on hybrid multi-cloud infrastructures and advanced …Download Whitepaper
  • Mitigating Ransomware Risks with GRC Automation

    Mitigating Ransomware Risks with GRC Automation

    In today’s landscape, ransomware attacks pose significant threats to organizations of all sizes, with increasing …Download Whitepaper

Middle-sidebar-banner

Case Studies

  • St Luke’s ElderCare enhances operations and capabilities through a centralized secure, scalable network

    St Luke’s ElderCare enhances operations and capabilities through a centralized secure, scalable network

    With only a small IT team, the digital transformation has united operations across 30 locations, …Read more
  • Automating border control and security with facial recognition technology

    Automating border control and security with facial recognition technology

    Indonesia Immigration & Seaport Authorities enhances security and speeds up border control queues at Batam …Read more
  • Securing wealth advisory services without unnecessary friction: Endowus

    Securing wealth advisory services without unnecessary friction: Endowus

    The wealth advisory platform demonstrates its non-negotiable commitment to a robust security posture through partnering …Read more
  • LifeTech group sets up next-gen security operations center in Malaysia

    LifeTech group sets up next-gen security operations center in Malaysia

    By partnering with a unified cybersecurity platform, the firm will be offering cost-effective advanced SOC …Read more

Bottom sidebar

  • Our Brands
  • DigiconAsia
  • MartechAsia
  • Home
  • About Us
  • Contact Us
  • Sitemap
  • Privacy & Cookies
  • Terms of Use
  • Advertising & Reprint Policy
  • Media Kit
  • Subscribe
  • Manage Subscriptions
  • Newsletter

Copyright © 2025 CybersecAsia All Rights Reserved.