Remotely exploitable ICS vulnerabilities on the rise: report

Claroty

Friday, 21 August, 2020
Remotely exploitable ICS vulnerabilities on the rise: report

More than 70% of industrial control system (ICS) vulnerabilities disclosed in the first half of 2020 can be exploited remotely, highlighting the importance of protecting internet-facing ICS devices and remote access connections, according to the inaugural Biannual ICS Risk & Vulnerability Report, released by Claroty.

The report comprises The Claroty Research Team’s assessment of 365 ICS vulnerabilities published by the National Vulnerability Database (NVD) and 139 ICS advisories issued by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) during 1H 2020, affecting 53 vendors. The Claroty Research Team discovered 26 of the vulnerabilities included in this dataset.

Compared to 1H 2019, ICS vulnerabilities published by the NVD increased by 10.3% from 331, while ICS-CERT advisories increased by 32.4% from 105. More than 75% of vulnerabilities were assigned high or critical Common Vulnerability Scoring System (CVSS) scores.

“There is a heightened awareness of the risks posed by ICS vulnerabilities and a sharpened focus among researchers and vendors to identify and remediate these vulnerabilities as effectively and efficiently as possible,” said Amir Preminger, VP of Research at Claroty. “We recognised the critical need to understand, evaluate and report on the comprehensive ICS risk and vulnerability landscape to benefit the entire OT security community. Our findings show how important it is for organisations to protect remote access connections and internet-facing ICS devices, and to protect against phishing, spam and ransomware, in order to minimise and mitigate the potential impacts of these threats.”

Prominence of RCE vulnerabilities highlights need to protect internet-facing ICS devices

According to the report, more than 70% of the vulnerabilities published by the NVD can be exploited remotely, reinforcing the fact that fully air-gapped ICS networks that are isolated from cyber threats have become vastly uncommon. Additionally, the most common potential impact was remote code execution (RCE), possible with 49% of vulnerabilities — reflecting its prominence as the leading area of focus within the OT security research community — followed by the ability to read application data (41%), cause denial of service (DoS) (39%) and bypass protection mechanisms (37%). The prominence of remote exploitation has been exacerbated by the rapid global shift to a remote workforce and the increased reliance on remote access to ICS networks in response to the COVID-19 pandemic.

Vulnerabilities in energy, critical manufacturing, water and wastewater sectors on the rise

The energy, critical manufacturing and water/wastewater infrastructure sectors were by far the most impacted by vulnerabilities published in ICS-CERT advisories during 1H 2020. Of the 385 unique Common Vulnerabilities and Exposures (CVEs) included in the advisories, energy had 236, critical manufacturing had 197 and water/wastewater had 171. Compared to 1H 2019, water and wastewater experienced the largest increase of CVEs (122.1%), while critical manufacturing increased by 87.3% and energy by 58.9%.

Assessment of ICS vulnerabilities discovered by Claroty

The Claroty Research Team discovered 26 ICS vulnerabilities disclosed during 1H 2020, prioritising critical or high-risk vulnerabilities that could affect the availability, reliability and safety of industrial operations. The team focused on ICS vendors and products with vast install bases, integral roles in industrial operations, and those that utilise protocols in which Claroty researchers have considerable expertise. These 26 vulnerabilities could have serious impacts on affected OT networks, because more than 60% enable some form of RCE.

For many of the vendors affected by Claroty’s discoveries, this was their first reported vulnerability. As a result, they proceeded to create dedicated security teams and processes to address the rising vulnerability detections due to the convergence of IT and OT.

To access the complete set of findings and in-depth analysis, download the Claroty Biannual ICS Risk & Vulnerability Report: 1H 2020 here.

On Thursday, 27 August, Claroty will lead a webinar, ‘The ICS Risk & Vulnerability Landscape: What You Need to Know’, to discuss the key findings of the report. Register here.

Image: ©stock.adobe.com/au/Gorodenkoff

Related News

Claroty appoints Wavelink as sole distributor for entire Australian business

Wavelink has announced that cybersecurity solutions company Claroty has awarded Wavelink the sole...

Nozomi Networks extends partnership with Yokogawa

Nozomi Networks OT and IoT visibility and threat detection capabilities are now part of...

Nozomi Networks secures funding from Mitsubishi and Schneider Electric

Nozomi Networks has secured $100 million to accelerate OT cyber-defence technology.

Content from other channels on our network

Future Made in Australia Act welcomed by climate orgs

An interconnected ASEAN Power Grid: report

What Australia thinks about the energy transition

Call for improved train lighting to save lives

Foiling hackers in the smart home era

New partnership to focus on textile recycling

NSW South Coast gains its first community battery

Untapped solar could achieve billions in savings

Concerning level of 'forever chemicals' in global source water

The sustainability sector's thoughts on a 'future made in Australia'

Engaging the workforce with safety wearables: key considerations

Using shipping containers to boost height safety

Reducing hazards around powerlines

Vic metal finisher charged after fatal crush incident

Safety reminder issued after spike in construction falls

  • All content Copyright © 2024 Westwick-Farrow Pty Ltd