Third parties shining light on ICS vulnerabities
The number of vulnerabilities in industrial control systems (ICS) disclosed during the second half of 2020 grew 25% year on year as security gaps in remote work environments expanded attack services for industrial networks, according to Claroty.
Research from the industrial cybersecurity company found that 449 vulnerabilities affecting ICS products from 59 vendors were disclosed during 2H20.
Of the disclosed vulnerabilities, 70% were classed as high or critical on the Common Vulnerability Scoring System (CVSS) and 76% do not require authentication for exploitation.
The research also found that 71% of ICS vulnerabilities disclosed during the six-month period were remotely exploitable through network attack vectors.
Reported vulnerabilities increased across the critical manufacturing, energy, and water and wastewater sectors, which were by far the sectors most impacted by the vulnerabilities disclosed during the period.
“The accelerated convergence of IT and OT networks due to digital transformation enhances the efficiency of ICS processes, but also increases the attack surface available to adversaries,” Claroty VP of Research Amir Preminger commented.
“Nation-state actors are clearly looking at many aspects of the network perimeter to exploit, and cybercriminals are also focusing specifically on ICS processes, which emphasises the need for security technologies such as network-based detection and secure remote access in industrial environments.”
Third-party researchers were responsible for 61% of discoveries during 2H20, many of which were cybersecurity companies. Among the third-party discoveries, 22 reported their first disclosures.
“It is heartening to see a growing interest in ICS within the security research community, as we must shine a brighter light on these vulnerabilities in order to keep threats at arm’s length,” Preminger said.
ACSC releases cybersecurity video training for privileged users
A series of training videos offers a practical, engaging way for privileged information and...
ACSC critical alert for Fortinet Firewalls and VPN Gateways
The Australian Cyber Security Centre has raised an alert that it is aware a widespread malicious...
Home Affairs announces Horizon 2 of national cybersecurity strategy
The Department of Home Affairs has announced a new program of work under Horizon 2 of the...
