Multiple Copeland controller flaws threaten widespread compromise
Thousands of cold storage units, HVAC, and lighting systems could be compromised in attacks exploiting 10 vulnerabilities impacting Copeland controllers collectively dubbed Frostbyte10, which could result in sweeping supply chain issues, reports The Register. Malicious actors could harness the flaws, which have already been patched by Copeland, to facilitate remote code execution with root privileges, according to Armis security researchers, who discovered and reported the bugs. While there has been no evidence indicating active exploitation of Frostbyte10, attackers could use the flaws to target retailers, with Copeland's systems being installed across two-thirds of North American grocery stores. "Attackers go after the targets that would generate the most revenue or advantage. If I can hold for ransom, something where the business loses money every second that goes by, that's what I'm targeting. For retailers: their supplies, their food, everything that's being held in that fashion is absolutely a target," said Armis Chief Technology Officer and co-founder Nadir Izrael.
