ICS vulnerabilities spiked 41% in 1H21

By Dylan Bushell-Embling
Monday, 23 August, 2021

ICS vulnerabilities spiked 41% in 1H21

The number of reported vulnerabilities in industrial control systems (ICS) surged 41% during the first half of 2021 compared to the prior six months, research from industrial IoT security company Claroty indicates.

The company’s biannual ICT Risk & Vulnerability Report found that 637 ICS vulnerabilities were disclosed in 1H21. Of these, 71% were classified as high or critical vulnerabilities.

More than four in five (81%) reported vulnerabilities were discovered by sources other than the ICS system vendor, including third-party companies, independent researchers, academics and other researchers.

Concerningly, 90% of the vulnerabilities were also classified as having a low attack complexity, meaning they do not require special conditions and an attacker can expect repeatable success every time.

Three-quarters of the vulnerabilities do not require privileges for the attacker to use and 66% do not require user interaction. In addition, 61% are remotely exploitable, 65% may cause total loss of availability and 26% have no or only a partial fix available.

Claroty VP of Research Amir Preminger said the results show that vulnerabilities in ICS and operational technology are both a growing threat and an increasing focus for security researchers.

“As more enterprises are modernising their industrial processes by connecting them to the cloud, they are also giving threat actors more ways to compromise industrial operations through ransomware and extortion attacks,” he said.

“The recent cyber attacks on Colonial Pipeline, JBS Foods and the Oldmsar, Florida water treatment facility have not only shown the fragility of critical infrastructure and manufacturing environments that are exposed to the internet, but have also inspired more security researchers to focus their efforts on ICS specifically.”

Image credit: ©stock.adobe.com/au/metamorworks

Related News

Govt organisations facing cyber attacks

Nearly three in four government organisations surveyed for Kaspersky Lab research experienced a...

eftpos first non-gov exchange accredited under TDIF

eftpos's connectID has become the first officially accredited non-government operator of a...

Honeywell Type 1A CSS to support Aus Govt cybersecurity

Honeywell has launched its Type 1A CSS, featuring cybersecurity protection and threat prevention,...

  • All content Copyright © 2021 Westwick-Farrow Pty Ltd