TMCnet News
ICS Vulnerabilities Increased in Second Half of 2020 as Gaps in Remote Work Expand Attack SurfacesNEW YORK, Feb. 4, 2021 /PRNewswire/ -- Throughout the second half (2H) of 2020, 71% of industrial control system (ICS) vulnerabilities disclosed were remotely exploitable through network attack vectors, according to the second Biannual ICS Risk & Vulnerability Report released today by Claroty, the industrial cybersecurity company. The report also revealed a 25% increase in ICS vulnerabilities disclosed compared to 2019, as well as a 33% increase from 1H 2020. The report comprises the Claroty Research Team's discoveries alongside trusted open sources, including the National Vulnerability Database (NVD), the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), CERT@VDE, MITRE, and industrial automation vendors Schneider Electric and Siemens. During 2H 2020, 449 vulnerabilities affecting ICS products from 59 vendors were disclosed. Of those, 70% were assigned high or critical Common Vulnerability Scoring System (CVSS) scores, and 76% do not require authentication for exploitation. "The accelerated convergence of IT and OT networks due to digital transformation enhances the efficiency of ICS processes, but also increases the attack surface available to adversaries," said Amir Preminger, vice president of research at Claroty. "Nation-state actors are clearly looking at many aspects of the network perimeter to exploit, and cybercriminals are also focusing specifically on ICS processes, which emphasizes the need for security technologies such as network-based detection and secure remote access in industrial environments. It is heartening to see a growing interest in ICS within the security research community, as we must shine a brighter light on these vulnerabilities in order to keep threats at rm's length." Vulnerabilities on the rise in critical manufacturing, energy, and water and wastewater sectors
Assessment of ICS vulnerabilities sees growth in third-party researchers Third-party researchers were responsible for 61% of discoveries, many of which were cybersecurity companies. This signals a change in focus to include ICS alongside IT security research, which is further evidence of the accelerated convergence between IT and OT. Among all third-party discoveries, 22 reported their first disclosures, a positive sign of growth in the ICS vulnerability research market. The Claroty Research Team discovered and disclosed 41 vulnerabilities during 2H 2020, affecting 14 vendors. These represent the direction and core objectives of the team's research focus. Overall, Claroty researchers have found and disclosed more than 70 ICS vulnerabilities to date. To access the complete set of findings, in-depth analysis, and additional steps to defend against improper access and risks, download the Claroty Biannual ICS Risk & Vulnerability Report: 2H 2020. Acknowledgements About Claroty To learn more, visit www.claroty.com. Media Contacts
View original content to download multimedia:http://www.prnewswire.com/news-releases/ics-vulnerabilities-increased-in-second-half-of-2020-as-gaps-in-remote-work-expand-attack-surfaces-301221990.html SOURCE Claroty |