Industrial Control Systems More Vulnerable to Hacks During COVID-19, Report Shows
Seven in 10 security vulnerabilities affecting industrial control systems (ICS) can be exploited remotely, giving state-sponsored malicious actors a leg up, according to a new report. The risk has been exacerbated by the increased reliance on remote access to ICS networks amid the COVID-19 pandemic, researchers say.
The ICS Risk & Vulnerability Report released this week by Claroty covers an assessment of 365 ICS vulnerabilities published by the National Vulnerability Database (NVD) and 139 ICS advisories issued by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) during the first half of 2020, affecting 53 vendors.
Compared to the first half of 2019, ICS vulnerabilities published by the NVD this year increased 10.3% from 331, while ICS-CERT advisories rose 32.4% from 105. More than 75% of vulnerabilities were assigned high or critical Common Vulnerability Scoring System scores.
In a key finding, the report states that more than 70% of the vulnerabilities published by the NVD can be exploited remotely. The most common potential impact is remote code execution, possible with 49% of the vulnerabilities, followed by the ability to read application data (41%), cause denial of service (39%), and bypass protection mechanisms (37%).
Vulnerabilities in the critical manufacturing, energy, and water and wastewater sectors are on the rise. Of the 385 unique CVEs included in the advisories, energy accounted for 236, critical manufacturing for 197, and water & wastewater for 171. Water & wastewater experienced the largest increase in CVEs, at 122.1%, compared to the first half of 2019, while critical manufacturing increased by 87.3% and energy by 58.9%.
State-sponsored malicious actors have historically used remotely-exploitable flaws to disrupt critical systems in rival nations. Yet, fully air-gapped ICS networks isolated from external threats have become very uncommon. According to the report, the prominence of remote exploitation has been exacerbated by the global shift to a remote workforce and the increased reliance on remote access to ICS networks in response to the COVID-19 pandemic.