ICS vulnerabilities spiked 41% in 1H21

By Dylan Bushell-Embling
Monday, 23 August, 2021

ICS vulnerabilities spiked 41% in 1H21

The number of reported vulnerabilities in industrial control systems (ICS) surged 41% during the first half of 2021 compared to the prior six months, research from industrial IoT security company Claroty indicates.

The company’s biannual ICT Risk & Vulnerability Report found that 637 ICS vulnerabilities were disclosed in 1H21. Of these, 71% were classified as high or critical vulnerabilities.

More than four in five (81%) reported vulnerabilities were discovered by sources other than the ICS system vendor, including third-party companies, independent researchers, academics and other researchers.

Concerningly, 90% of the vulnerabilities were also classified as having a low attack complexity, meaning they do not require special conditions and an attacker can expect repeatable success every time.

Three-quarters of the vulnerabilities do not require privileges for the attacker to use and 66% do not require user interaction. In addition, 61% are remotely exploitable, 65% may cause total loss of availability and 26% have no or only a partial fix available.

Claroty VP of Research Amir Preminger said the results show that vulnerabilities in ICS and operational technology are both a growing threat and an increasing focus for security researchers.

“As more enterprises are modernising their industrial processes by connecting them to the cloud, they are also giving threat actors more ways to compromise industrial operations through ransomware and extortion attacks,” he said.

“The recent cyber attacks on Colonial Pipeline, JBS Foods and the Oldmsar, Florida water treatment facility have not only shown the fragility of critical infrastructure and manufacturing environments that are exposed to the internet, but have also inspired more security researchers to focus their efforts on ICS specifically.”

Image credit: ©stock.adobe.com/au/metamorworks

Related News

archTIS launches NC Protect on Azure Marketplaces

Canberra-based archTIS has launched its NC Protect for Microsoft 365 on the Microsoft Azure...

Individuals now top target for cybercrooks

Cyber attacks against individuals increased 73% during the six months to April, positioning...

Akamai–Fujitsu alliance to combat rising cyberthreat

A new strategic relationship will help Australian-based organisations to defend against...

  • All content Copyright © 2022 Westwick-Farrow Pty Ltd