ICS vulnerabilities spiked 41% in 1H21

By Dylan Bushell-Embling
Monday, 23 August, 2021

ICS vulnerabilities spiked 41% in 1H21

The number of reported vulnerabilities in industrial control systems (ICS) surged 41% during the first half of 2021 compared to the prior six months, research from industrial IoT security company Claroty indicates.

The company’s biannual ICT Risk & Vulnerability Report found that 637 ICS vulnerabilities were disclosed in 1H21. Of these, 71% were classified as high or critical vulnerabilities.

More than four in five (81%) reported vulnerabilities were discovered by sources other than the ICS system vendor, including third-party companies, independent researchers, academics and other researchers.

Concerningly, 90% of the vulnerabilities were also classified as having a low attack complexity, meaning they do not require special conditions and an attacker can expect repeatable success every time.

Three-quarters of the vulnerabilities do not require privileges for the attacker to use and 66% do not require user interaction. In addition, 61% are remotely exploitable, 65% may cause total loss of availability and 26% have no or only a partial fix available.

Claroty VP of Research Amir Preminger said the results show that vulnerabilities in ICS and operational technology are both a growing threat and an increasing focus for security researchers.

“As more enterprises are modernising their industrial processes by connecting them to the cloud, they are also giving threat actors more ways to compromise industrial operations through ransomware and extortion attacks,” he said.

“The recent cyber attacks on Colonial Pipeline, JBS Foods and the Oldmsar, Florida water treatment facility have not only shown the fragility of critical infrastructure and manufacturing environments that are exposed to the internet, but have also inspired more security researchers to focus their efforts on ICS specifically.”

Image credit: ©stock.adobe.com/au/metamorworks

Related News

New ASX entrants failing to detail cyber efforts

RSM Australia has warned that newly listed ASX companies are failing to detail their cyber...

archTIS wins $7m Defence contract

The Department of Defence has handed archTIS a $7m contract to allow it to expand its existing...

archTIS adds watermarking feature to NC Protect

archTIS has added a new capability within its NC Protect secure collaboration platform to help US...

  • All content Copyright © 2022 Westwick-Farrow Pty Ltd