Need continuing education credits? Join Us For Five Days of Education on the Industry's Leading Topics beginning October 5th!Save Your Seat
Cybersecurity

Many industrial control systems can be exploited remotely

More than 70% of industrial control system (ICS) vulnerabilities disclosed in the first half of 2020 can be exploited remotely according to a report by Claroty.

By Claroty Research Team August 19, 2020
Courtesy: Chris Vavra, CFE Media

More than 70% of industrial control system (ICS) vulnerabilities disclosed in the first half of 2020 can be exploited remotely, highlighting the importance of protecting internet-facing ICS devices and remote access connections according to a report by Claroty. The report comprises The Claroty Research Team’s assessment of 365 ICS vulnerabilities published by the National Vulnerability Database (NVD) and 139 ICS advisories issued by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) during the first half of 2020, affecting 53 vendors. The Claroty Research Team discovered 26 of the vulnerabilities included in this data set.

“There is a heightened awareness of the risks posed by ICS vulnerabilities and a sharpened focus among researchers and vendors to identify and remediate these vulnerabilities as effectively and efficiently as possible,” said Amir Preminger, VP of Research at Claroty. “We recognized the critical need to understand, evaluate, and report on the comprehensive ICS risk and vulnerability landscape to benefit the entire OT security community. Our findings show how important it is for organizations to protect remote access connections and internet-facing ICS devices, and to protect against phishing, spam, and ransomware, in order to minimize and mitigate the potential impacts of these threats.”

According to the report, more than 70% of the vulnerabilities can be exploited remotely, reinforcing the fact that fully air-gapped ICS networks that are isolated from cyber threats are uncommon. The most common potential impact was remote code execution (RCE), possible with 49% of vulnerabilities – reflecting its prominence as the leading area of focus within the operations technology (OT) security research community – followed by the ability to read application data (41%), cause denial of service (DoS) (39%), and bypass protection mechanisms (37%). The prominence of remote exploitation has been exacerbated by the rapid global shift to a remote workforce and the increased reliance on remote access to ICS networks in response to the COVID-19 pandemic.

Energy, critical manufacturing, and water/wastewater sectors are increasingly targeted

The energy, critical manufacturing, and water & wastewater infrastructure sectors were by far the most impacted by vulnerabilities published in ICS-CERT advisories during 1H 2020. Of the 385 unique common vulnerabilities and rxposures (CVEs) included in the advisories, energy had 236, critical manufacturing had 197 and water & wastewater had 171. Compared to 2019, water & wastewater experienced the largest increase of CVEs (122.1%), while critical manufacturing increased by 87.3% and energy by 58.9%.

– Edited from a Claroty press release by CFE Media.


Claroty Research Team