71% of vulnerabilities found in the first half of 2021 are classified as high or critical, and 90% are of low complexity, meaning an attacker can expect repeated success under a variety of conditions, says Claroty.
Industrial cybersecurity company Claroty has released a report on the state of vulnerabilities in industrial control systems (ICS) in the first half of 2021, and the data reveals several serious issues that should leave any business with an ICS system on high alert.
The number of ICS vulnerabilities disclosed in the first half of 2021 accelerated significantly, Claroty said, rising 41% over the first half of 2020 (637 vs. 449). Of those vulnerabilities, 71% were classified as “high or critical,” and 90% had “low attack complexity,” meaning they required no special conditions and were easily repeatable by an attacker.
In addition, 74% of the vulnerabilities require no privileges to execute, 66% require zero user interaction, 61% are remotely exploitable, 65% may result in total denial of access to services and 26% have either no remediation or only a partial one.
2021 has been a huge year for ICS and OT security, said primary report author and Claroty security researcher Chen Fradkin. Huge attacks like the ones on JBS, Colonial Pipeline and the Oldsmar, Florida water treatment plant have shown that “not only were there the obvious impacts to system availability and service delivery, but the state of resilience among industrial enterprises was exposed,” Fradkin said, adding that the U.S. government has taken notice.
Sixty percent of the vulnerabilities reported in the software side have been patched or remediated, but there’s bad news for those worried about firmware vulnerabilities, which Fradkin describes as “scarce.”
“Almost 62% of flaws in firmware had no fix or a partial remediation recommended, and most of those bugs were in products deployed at Level 1 of the Purdue Model, the Basic Control level,” Fradkin said.
With remediation levels lower than is comfortable on both the software and firmware sides, organizations with OT and ICS networks need to take proper steps to protect those systems from attackers, especially as existing OT and ICS hardware is connected to the internet, an exposure that was not considered when that older hardware was developed.
Claroty recommends taking action in two areas: network segmentation and remote access connection protection.
Networks should be segmented and configured to allow easy remote management; each segmented zone should have policies specific to the machines on it; and IT should reserve the right to inspect all traffic, especially on OT-specific protocols, Claroty said.
As for protecting remote connections, Claroty recommends that businesses keep VPNs up to date, monitor remote connections (especially those to ICS and OT networks), enforce granular permissions and admin controls, and require the use of multifactor authentication.
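The two recommendations above (zone-specific policies with inspection of OT protocols, and monitored, MFA-backed remote connections) can be turned into a check that runs over firewall or VPN connection records, so that a flow reaching a PLC from the corporate network or a vendor session without multifactor authentication shows up as a finding rather than going unnoticed. The script below is an added example, not Claroty's or TechRepublic's code: the Purdue-style zone layout, the allow-listed ports, the protocol-to-port table and the connection records are all constructed for illustration and would be replaced by your own segmentation design and log source.

```python
"""Segmentation and remote-access policy check over connection records."""
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed zone layout: Purdue-style levels plus a remote-access VPN address pool.
ZONES = {
    "enterprise": ip_network("10.0.0.0/16"),     # corporate IT
    "ot_dmz": ip_network("10.1.0.0/24"),         # jump hosts, historians, patch mirrors
    "supervisory": ip_network("10.2.0.0/24"),    # Level 2: HMIs, SCADA servers
    "basic_control": ip_network("10.3.0.0/24"),  # Level 1: PLCs, RTUs
    "vpn_pool": ip_network("10.9.0.0/24"),       # addresses handed to remote users
}
OT_ZONES = {"supervisory", "basic_control"}

# Zone-specific policy: (src_zone, dst_zone) -> allowed destination TCP ports.
# Any zone pair that is not listed is denied, so unexpected traffic becomes a finding.
ALLOWED_FLOWS = {
    ("enterprise", "ot_dmz"): {443},
    ("ot_dmz", "supervisory"): {443, 4840},
    ("supervisory", "basic_control"): {502, 44818},
    ("vpn_pool", "ot_dmz"): {443, 3389},          # remote users land on a jump host only
}

# OT protocols (by well-known port) whose traffic should get protocol-aware inspection.
OT_PROTOCOLS = {502: "Modbus/TCP", 44818: "EtherNet/IP", 4840: "OPC UA",
                20000: "DNP3", 102: "S7comm"}


def zone_of(ip):
    """Map an address to its zone name, or 'unknown' if it fits no zone."""
    addr = ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "unknown"


def evaluate(record):
    """Return the findings for one connection record; an empty list means clean."""
    src, dst = zone_of(record["src"]), zone_of(record["dst"])
    port = record["dport"]
    findings = []
    # 1. Zone policy: is this source zone allowed to reach that port in the destination zone?
    if port not in ALLOWED_FLOWS.get((src, dst), set()):
        findings.append("denied_flow:%s->%s:%d" % (src, dst, port))
    # 2. OT protocol traffic into an OT zone is routed to deep inspection.
    if dst in OT_ZONES and port in OT_PROTOCOLS:
        findings.append("inspect:" + OT_PROTOCOLS[port])
    # 3. Remote connections must carry MFA and must not land directly on OT zones.
    if src == "vpn_pool":
        if not record.get("mfa", False):
            findings.append("remote_without_mfa")
        if dst in OT_ZONES:
            findings.append("remote_direct_to_ot")
    return findings


def report(records):
    """Count finding types across all records, the summary a SOC dashboard would show."""
    counts = Counter()
    for rec in records:
        for finding in evaluate(rec):
            counts[finding.split(":")[0]] += 1
    return dict(counts)


# Constructed connection log, not real traffic: an HMI polling a PLC, a corporate
# workstation reaching the same PLC, a vendor on the jump host with MFA, and the
# same vendor reaching an OPC UA server directly without MFA.
SAMPLE_RECORDS = [
    {"src": "10.2.0.10", "dst": "10.3.0.5", "dport": 502, "user": "hmi01"},
    {"src": "10.0.0.25", "dst": "10.3.0.5", "dport": 502, "user": "jdoe"},
    {"src": "10.9.0.7", "dst": "10.1.0.2", "dport": 443, "user": "vendor1", "mfa": True},
    {"src": "10.9.0.7", "dst": "10.2.0.10", "dport": 4840, "user": "vendor1", "mfa": False},
]

if __name__ == "__main__":
    for rec in SAMPLE_RECORDS:
        print(rec["src"], "->", rec["dst"], rec["dport"], evaluate(rec) or "ok")
    print(report(SAMPLE_RECORDS))
```

The default-deny shape of `ALLOWED_FLOWS` is the point: a zone policy is only useful if traffic between two zones that nobody wrote a rule for is treated as a finding, and the `inspect` tag is what decides which flows the OT protocol inspection engine has to see even when the zone pair itself is permitted.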
“As more enterprises are modernizing their industrial processes by connecting them to the cloud, they are also giving threat actors more ways to compromise industrial operations through ransomware and extortion attacks,” said Amir Preminger, vice president of research at Claroty.