Biannual ICS Risk & Vulnerability report: Claroty discovers ICS vulnerability disclosures grew 110% over the last four years

0
7

Claroty recently released new research, “Biannual ICS Risk & Vulnerability Report,” in which the Industrial control system (ICS) vulnerability disclosures grew a staggering 110% over the last four years.

Additionally, the report found that ICS vulnerabilities are expanding beyond operational technology (OT) to the Extended Internet of Things (XIoT), with 34% affecting IoT, IoMT, and IT assets in 2H 2021.

The report presents a comprehensive analysis of ICS vulnerability data from Team82, Claroty’s award-winning research team, along with trusted open sources, including the National Vulnerability Database (NVD), the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), CERT@VDE, MITRE, and industrial automation vendors Schneider Electric and Siemens.

“The increase in digital transformation, combined with converged ICS and IT infrastructure, enables researchers to expand their work beyond operational technology (OT), to the Extended IoT (XIoT). High-profile cyber incidents in 2H 2021 such as the Tardigrade malware, the Log4j vulnerability and the ransomware attack on NEW Cooperative show the fragility of these networks, stressing the need for security research community collaboration to discover and disclose new vulnerabilities,” said Amir Preminger, vice president of research at Claroty.

The following are other key findings based on the report:

  • 34% of vulnerabilities disclosed affect IoT, IoMT, and IT assets, showing that organizations will merge OT, IT, and IoT under converged security management. Therefore, asset owners and operators must have a thorough snapshot of their environments to manage vulnerabilities and reduce exposure.
  • Third-party companies disclosed 50% of the vulnerabilities, and a majority of these were discovered by researchers at cybersecurity companies, shifting their focus to include ICS alongside IT and IoT security research. In addition, 55 new researchers reported vulnerabilities during 2H 2021.
  • Vulnerabilities disclosed by internal vendor research grew 76% over the last four years. This demonstrates a maturing industry and discipline around vulnerability research, as vendors are allocating more resources to the security of their products.
  • 87% of vulnerabilities are low complexity, meaning they don’t require special conditions, and an attacker can expect repeatable success every time. 70% don’t need special privileges before successfully exploiting a vulnerability, and 64% of vulnerabilities require no user interaction. 
  • 63% of the vulnerabilities disclosed may be exploited remotely through a network attack vector, indicating that the need for secure remote access solutions, which accelerated due to the COVID-19 pandemic, is here to stay.
  • Claroty’s Team82 continues to lead the way in ICS vulnerability research, having disclosed 110 vulnerabilities in 2H 2021 and more than 260 vulnerabilities to date. 
  • The maximum potential impact is remote code execution (prevalent in 53% of vulnerabilities), followed by denial-of-service conditions (42%), bypassing protection mechanisms (37%), and allowing the adversary to read application data (33%). 
  • The top mitigation step is network segmentation (recommended in 21% of vulnerability disclosures), followed by ransomware, phishing, and spam protection (15%) and traffic restriction (13%).

Read the complete set of findings, in-depth analysis, and additional steps to defend against improper access and risks by downloading the Biannual ICS Risk & Vulnerability Report: 2H 2021.

Team82’s newly launched Slack channel is also available for additional discussion and insight into the report. Join here.