1 min read

Industrial Control Systems More Vulnerable to Hacks During COVID-19, Report Shows

Filip TRUȚĂ

August 20, 2020

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Industrial Control Systems More Vulnerable to Hacks During COVID-19, Report Shows

Seven in 10 security vulnerabilities affecting industrial control systems (ICS) can be exploited remotely, giving state-sponsored malicious actors a leg up, according to a new report. The risk has been exacerbated by the increased reliance on remote access to ICS networks amid the COVID-19 pandemic, researchers say.

The ICS Risk & Vulnerability Report released this week by Claroty covers an assessment of 365 ICS vulnerabilities published by the National Vulnerability Database (NVD) and 139 ICS advisories issued by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) during the first half of 2020, affecting 53 vendors.

Compared to the first half of 2019, ICS vulnerabilities published by the NVD this year increased 10.3% from 331, while ICS-CERT advisories rose 32.4% from 105. More than 75% of vulnerabilities were assigned high or critical Common Vulnerability Scoring System scores.

In a key finding, the report mentions that more than 70% of the vulnerabilities published by the NVD can be exploited remotely, while the most common potential impact is remote code execution, possible with 49% of the vulnerabilities, followed by the ability to read application data, with 41%, cause denial of service, with 39%, and bypass protection mechanisms, in 37% of cases.

Vulnerabilities in critical manufacturing and energy, water and wastewater sectors are on the rise. Of the 385 unique CVEs included in the advisories, energy accounted for 236, critical manufacturing for 197, and water & wastewater for 171. Water & wastewater experienced the largest increase of CVEs, at122.1%, compared to the first half of 2019, while critical manufacturing increased by 87.3% and energy by 58.9%.

State-sponsored malicious actors have historically used remotely-exploitable flaws to disrupt critical systems in rival nations. Yet, fully air-gapped ICS networks isolated from external threats have become very uncommon. According to the report, the prominence of remote exploitation has been exacerbated by the global shift to a remote workforce and the increased reliance on remote access to ICS networks in response to the COVID-19 pandemic.

tags


Author



Right now

Top posts

Threat actors impersonate Canadian gas retailer to deliver malicious OneNote phishing campaign, Bitdefender Labs warns

Threat actors impersonate Canadian gas retailer to deliver malicious OneNote phishing campaign, Bitdefender Labs warns

January 26, 2023

2 min read
Spammers phish eager vacationers with travel-themed lures, Bitdefender Antispam Lab warns

Spammers phish eager vacationers with travel-themed lures, Bitdefender Antispam Lab warns

January 19, 2023

4 min read
Enhance your cyber resilience and privacy on Computer Security Day in four easy steps

Enhance your cyber resilience and privacy on Computer Security Day in four easy steps

November 29, 2022

2 min read
How to monitor your online privacy during your Thanksgiving trip

How to monitor your online privacy during your Thanksgiving trip

November 22, 2022

3 min read
Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

November 16, 2022

6 min read
Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

November 14, 2022

5 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

More than 50,000 People Affected by US Cellular Data Breach; Leaked Info Hits the Internet More than 50,000 People Affected by US Cellular Data Breach; Leaked Info Hits the Internet
Silviu STAHIE

February 08, 2023

2 min read
Russian Threat Actor Targets Ukraine Ministry and Polish Police in Similar Campaigns Russian Threat Actor Targets Ukraine Ministry and Polish Police in Similar Campaigns
Silviu STAHIE

February 06, 2023

1 min read
U.S. Department of Health and Human Services Hits ‘Banner Health’ with $1.25 Million Fine U.S. Department of Health and Human Services Hits ‘Banner Health’ with $1.25 Million Fine
Silviu STAHIE

February 03, 2023

1 min read