Cyber threats on the rise for industrial control systems, new research finds

Industrial control system (ICS) vulnerabilities are on the rise, as reliance on remote access to industrial networks has increased due to citywide or nationwide lockdowns.

This is according to the Biannual ICS Risk & Vulnerability Report by The Claroty Research Team.

To create the report, the researchers assessed 365 ICS vulnerabilities published by the National Vulnerability Database (NVD) and 139 ICS advisories issued by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) during 1H 2020, affecting 53 vendors.

Compared to 1H 2019, ICS vulnerabilities published by the NVD increased by 10.3% from 331, while ICS-CERT advisories increased by 32.4% from 105.

More than 75% of vulnerabilities were assigned high or critical Common Vulnerability Scoring System (CVSS) scores.

In fact, more than 70% of ICS vulnerabilities disclosed in 1H 2020 can be exploited remotely, highlighting the importance of protecting internet-facing ICS devices and remote access connections.

This reinforces the fact that fully air-gapped ICS networks that are isolated from cyber threats have become highly uncommon, Claroty states.

Additionally, the most common potential impact was remote code execution (RCE), possible with 49% of vulnerabilities - reflecting its prominence as the leading area of focus within the OT security research community - followed by the ability to read application data (41%), cause denial of service (DoS) (39%), and bypass protection mechanisms (37%).

The prominence of remote exploitation has been exacerbated by the rapid global shift to a remote workforce and the increased reliance on remote access to ICS networks in response to the COVID-19 pandemic.

The report also found that the latest ICS vulnerabilities were most prevalent in the energy, critical manufacturing, and water and wastewater sectors of critical infrastructure.

Of the 385 unique Common Vulnerabilities and Exposures (CVEs) included in the advisories, energy had 236, critical manufacturing had 197, and water and wastewater had 171.

Compared to 1H 2019, water and wastewater experienced the largest increase of CVEs (122.1%), while critical manufacturing increased by 87.3% and energy by 58.9%.

Claroty VP of research Amir Preminger says, “There is a heightened awareness of the risks posed by ICS vulnerabilities and a sharpened focus among researchers and vendors to identify and remediate these vulnerabilities as effectively and efficiently as possible.

“We recognised the critical need to understand, evaluate, and report on the comprehensive ICS risk and vulnerability landscape to benefit the entire OT security community.

“Our findings show how important it is for organisations to protect remote access connections and internet-facing ICS devices, and to protect against phishing, spam, and ransomware, in order to minimise and mitigate the potential impacts of these threats.”

The Claroty Research Team discovered 26 ICS vulnerabilities disclosed during 1H 2020, prioritising critical or high-risk vulnerabilities that could affect the availability, reliability, and safety of industrial operations.

The team focused on ICS vendors and products with vast install bases, integral roles in industrial operations, and those that utilise protocols in which Claroty researchers have considerable expertise.

These 26 vulnerabilities could have serious impacts on affected OT networks, because more than 60% enable some form of RCE. For many of the vendors affected by Claroty’s discoveries, this was their first reported vulnerability, the researchers state.

As a result, these vendors proceeded to create dedicated security teams and processes to address the rising vulnerability detections due to the convergence of IT and OT.
