Instances of vulnerabilities in operational technology (OT) devices have skyrocketed this year, with new vulnerabilities up 46% in the first half of 2021 year-on-year.
This is according to Skybox Security's latest research, released in its annual mid-year Vulnerability and Threat Trends Report. The spike in new threats is putting vital critical infrastructure at risk, the company says.
“Critical infrastructure is the backbone of global enterprises and governments. Operational technology enables revenue creation and business continuity,” says Skybox Security founder and CEO Gidi Cohen.
“Yet, despite the criticality, the cybersecurity measures in place are still weak or nonexistent.
“Experts warned for years that vital infrastructure is a sitting duck and that it was only a matter of time before it came under widespread assault. Now, those predictions have come true.”
The research found that nearly all major vendors of OT equipment reported increases in vulnerabilities. Key findings presented in this mid-year update include:
Exploits in the wild increased by 30%
The number of new vulnerabilities exploited in the wild grew 30% in H1 2021 compared to the same period last year. A growing percentage of these exploits (13% in H1 2021 versus 8% in 2020) specifically targets vulnerabilities rated as ‘medium’ severity on the CVSS scale.
Network device vulnerabilities grew by nearly 20%
The number of new vulnerabilities in network devices such as routers, switches and firewalls, and in their operating systems, rose nearly 20% in H1 2021. Like OT, these devices are critically important parts of the infrastructure, yet their security flaws are often invisible because they are difficult or impossible to scan effectively.
Active scanning can degrade performance or even shut down the device, and it is further complicated by the need for device-specific credentials and elevated access privileges.
Ransomware up 20%
Ransomware increased by 20% versus the first half of 2020. New malware overwhelmingly exploited more recent vulnerabilities (vulnerabilities reported in the last three years).
Cryptojacking more than doubled
Cryptojacking malware, which hijacks computer systems for cryptocurrency mining, more than doubled compared to the same period last year. In some cases, malware-as-a-service providers lease botnets composed of already-infected machines to cryptominers.
Cumulative number of vulnerabilities triples in 10 years
The cumulative number of vulnerabilities is concerning. The vast majority of vulnerabilities aren't new, and the older they are, the more time threat actors have had to find and exploit them. Old vulnerabilities lurk for years in networks, only to become exposed later, offering rich targets for attackers. Some of the most exploited vulnerabilities are four years old or more.
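The two findings above, that exploitation increasingly lands on medium-severity CVEs and that old vulnerabilities are among the most exploited, are the case for ranking fixes by exposure and known exploitation rather than by CVSS score alone. The following is an added illustration of that idea, not Skybox's method, product logic or any published scoring formula: a small Python triage that ranks a constructed set of findings by known in-the-wild exploitation, network exposure and age, then compares the result with a CVSS-only ordering. The identifiers (VULN-A to VULN-D), assets, weights and the 2021-07-01 "as of" date are all made up for the example.

```python
from dataclasses import dataclass
from datetime import date

# Constructed "as of" date for the age calculation (assumption, mid-2021).
AS_OF = date(2021, 7, 1)


@dataclass(frozen=True)
class Finding:
    """One vulnerability instance on one asset (constructed record, not real CVE data)."""
    ident: str
    cvss: float            # CVSS v3 base score
    published: date        # date the vulnerability was disclosed
    exploited_in_wild: bool  # e.g. listed in a known-exploited catalogue
    exposed: bool          # reachable from an untrusted network
    asset: str


def severity_band(cvss: float) -> str:
    """Qualitative CVSS v3 band for a base score."""
    if cvss >= 9.0:
        return "critical"
    if cvss >= 7.0:
        return "high"
    if cvss >= 4.0:
        return "medium"
    if cvss > 0.0:
        return "low"
    return "none"


def priority_score(f: Finding, today: date = AS_OF) -> float:
    """Illustrative exposure-based score (weights are an assumption for this example).

    Starts from the CVSS base score, then adds:
      +10 if the flaw is known to be exploited in the wild,
      +5  if the affected asset is reachable from an untrusted network,
      +1 per year since disclosure, capped at 5 (older flaws have had more
         time to be weaponised, which is the report's point about old CVEs).
    """
    age_years = (today - f.published).days / 365.25
    score = f.cvss
    if f.exploited_in_wild:
        score += 10.0
    if f.exposed:
        score += 5.0
    score += min(age_years, 5.0)
    return round(score, 2)


def triage(findings, today: date = AS_OF):
    """Findings ordered by the exposure-based score, highest first."""
    return sorted(findings, key=lambda f: priority_score(f, today), reverse=True)


def cvss_only(findings):
    """The naive ordering: highest CVSS base score first."""
    return sorted(findings, key=lambda f: f.cvss, reverse=True)


def sample_findings():
    """Constructed sample set; none of these are real CVEs."""
    return [
        # New, critical, but neither exploited nor exposed.
        Finding("VULN-A", 9.8, date(2021, 3, 1), False, False, "build-server"),
        # Four-year-old medium-severity flaw, exploited in the wild, on an edge device.
        Finding("VULN-B", 5.3, date(2017, 6, 1), True, True, "edge-router"),
        # High severity, exposed, no known exploitation.
        Finding("VULN-C", 7.5, date(2020, 1, 15), False, True, "web-app"),
        # Medium severity, exploited in the wild, internal OT workstation.
        Finding("VULN-D", 6.1, date(2019, 5, 20), True, False, "hmi-workstation"),
    ]


if __name__ == "__main__":
    findings = sample_findings()
    print("CVSS-only order :", [f.ident for f in cvss_only(findings)])
    print("Exposure order  :", [f.ident for f in triage(findings)])
    for f in triage(findings):
        print(f"{f.ident} {severity_band(f.cvss):8} cvss={f.cvss:<4} "
              f"exploited={f.exploited_in_wild!s:5} exposed={f.exposed!s:5} "
              f"score={priority_score(f)}")
```

Run stand-alone, the CVSS-only list puts VULN-B (a medium-severity, exploited, internet-facing, four-year-old flaw) last, while the exposure-based ranking puts it first; the new 9.8 on an unexposed build server drops to the bottom. The weights are deliberately simple; a real programme would draw the "exploited in the wild" flag from a maintained catalogue and the exposure flag from network reachability analysis rather than a hand-set boolean.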
“The sheer volume of accumulated security debt — hundreds of thousands or even millions of vulnerabilities — means that security teams can't possibly isolate and patch all of them,” says Skybox Research Lab lead analyst Stav Kaufman.
“Malware evolves like viruses, with new variants springing up opportunistically in response to changing environments.
“As a result, enterprises need precise, exposure-based solutions that cut through the noise, pinpoint the real security threats and enable practical, cost-effective remediation.”