ICS vulnerabilities increase as remote work boosts attack surface

No Comments
refinery industry

Disclosed vulnerabilities in industrial control systems (ICS) increased 335 percent in the second half of 2020 compared to the first half.

A new report from Claroty also shows that in the same period 71 percent of ICS vulnerabilities disclosed were remotely exploitable through network attack vectors.

In the second half of the year 449 vulnerabilities affecting ICS products from 59 vendors were disclosed. Of those, 70 percent were assigned high or critical Common Vulnerability Scoring System (CVSS) scores, with 76 percent not requiring authentication for exploitation.

"The accelerated convergence of IT and OT networks due to digital transformation enhances the efficiency of ICS processes, but also increases the attack surface available to adversaries," says Amir Preminger, vice president of research at Claroty. "Nation-state actors are clearly looking at many aspects of the network perimeter to exploit, and cybercriminals are also focusing specifically on ICS processes, which emphasizes the need for security technologies such as network-based detection and secure remote access in industrial environments. It is heartening to see a growing interest in ICS within the security research community, as we must shine a brighter light on these vulnerabilities in order to keep threats at arm's length."

Industry sectors hardest hit are critical manufacturing (up 15 percent from 2019 and 66 percent from 2018); energy (up eight percent from 2019 and 74 percent from 2018); water and wastewater (up 54 percent from 2019 and 63 percent from 2018); and commercial facilities (up 14 percent from 2019 and 140 percent from 2018).

Third-party researchers have been responsible for 61 percent of vulnerability discoveries, many of which were cybersecurity companies. This signals a change in focus to include ICS alongside IT security research, further evidence of the accelerated convergence between IT and OT. The Claroty Research Team discovered and disclosed 41 vulnerabilities during the 2H 2020, affecting 14 vendors.

You can find out more on the Claroty blog.

Image creditkhunaspix/depositphotos.com

No Comments

Comments are closed.

Got News? Contact Us

Recent Headlines

Ubuntu Linux-based Voyager 24.04 LTS unites GNOME and Xfce

Kioxia unveils TransMemory U304 USB flash drive

Microsoft and Estée Lauder transform the beauty industry with AI

Microsoft and IBM open source MS-DOS 4.00

Software file converters: How they work and why you need them

Human risk management automation can help beat burnout

Vivaldi 6.7 debuts Memory Saver performance booster, expands Feed Reader capabilities

Most Commented Stories

Say goodbye to Microsoft Windows 11 and hello to Nitrux Linux 3.4.0 'pl'

62 Comments

The stunning Windows 13 -- yes, 13! -- is the Microsoft operating system we want

22 Comments

Microsoft 'improves' Windows 11 by bringing ads to the Start menu in the US

21 Comments

Microsoft is up to its old tricks yet again -- Windows 10 users harassed with full-screen Windows 11 upgrade warnings

18 Comments

Windows 11 slammed for its 'comically bad' performance even on high-end hardware

18 Comments

Outrageous: Microsoft to charge $61 for Windows 10 updates -- consider switching to Linux!

18 Comments

Microsoft releases preview version of Office 2024 for Windows and macOS -- download it now!

17 Comments

Easter giveaway! Get a licensed copy of 'VideoProc Converter for Windows/Mac' (worth $78.90) for FREE

10 Comments

© 1998-2024 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.