Increasing threats of vulnerabilities are steadily rising, particularly in sensitive areas such as OT systems and network devices, putting vital infrastructure at risk, according to data released by Skybox Research Lab in its ‘Vulnerability and Threat Trends Mid-Year Report 2021.’ The skyrocketing number of OT devices in many organizations, fueled in part by the explosion of IIoT (Industrial Internet of Things) products, is adding to the challenge. To make matters worse, many of these formerly air-gapped systems are now being connected to networks for purposes of automation and remote monitoring and maintenance, exposing them to external threats.
Hackers are increasingly attacking operational technology (OT) systems as low-hanging fruit and ransomware attacks are becoming commonplace. Cybercriminals know how indispensable OT assets and the systems they control are, and that companies will pay hefty ransoms to avoid disruptions and shutdowns, Skybox said. While OT vulnerabilities have become a high-value target for threat actors, those same flaws are often invisible to security teams. That’s because many OT systems are hard or impossible to scan.
Cybercriminals are all too aware that OT systems are ripe for the picking, and that ransomware attacks on those systems have a high likelihood of paying off. Companies simply can’t afford to have these essential systems disabled, so they are often willing to pay large sums to keep them online.
New vulnerabilities in OT devices were up 46 percent in the first six months of this year compared to the first half of 2020, posing a growing threat to critical infrastructure and other vital systems, made manifest in a series of high-profile attacks on facilities such as oil pipelines, water supplies, and food processing facilities, according to the Skybox report. To make matters worse, it can be difficult or impossible to identify and remediate OT vulnerabilities through scanning and patching.
In the first half of 2021, Skybox data revealed that there were 519 CVEs (critical vulnerabilities and exposures) in the OT sector reported by CISA, compared to 356 CVEs in the first half of last year. CISA advisories on OT vulnerabilities grew similarly, by 45 percent. Hackers are taking advantage of these OT weaknesses in ways that do not only endanger individual companies but also threaten public health and safety and the economy as a whole.
Nearly all major vendors of OT equipment reported increases in vulnerabilities, especially Siemens. The number of new unique CVEs assigned to Siemens vulnerabilities doubled in the first half of this year compared to the same period last year, the report said. This could be in part because of the key role played by Siemens in terms of its market share with various products, or perhaps because of more thorough reporting by the company during this period.
At best, companies scan OT systems infrequently, maybe once or twice a year, as they cannot afford to take these mission-critical systems offline or degrade service, according to the report. Likewise, patching many OT systems is technically impossible or too cumbersome and costly to address all vulnerabilities.
Skybox Research Lab detected that network infrastructure is also increasingly at risk, as network device vulnerabilities rose by nearly 20 percent compared to the first six months of 2020. Products such as routers, VPNs (virtual private networks), and firewalls – intended to power and protect networks – are in many cases providing new entry points for malicious actors. As with OT systems, network devices can be difficult to scan and patch.
Like OT, network devices are an ‘Achilles heel’ for many organizations. These devices are critically important parts of the infrastructure, yet their security flaws are often invisible because network devices are difficult or impossible to effectively scan. Scanning can impact performance or even shut down systems and is further complicated by the need for special passwords and access privileges.
OT security has become a growing cause for worry in recent years. As Gartner Research puts it, “OT systems are usually the crown jewels for organizations. They are core systems for value and revenue creation. If they go down, they cripple operations.” Despite the criticality of these facilities, the security measures in place on OT products are often weak or nonexistent. For example, many devices still use generic default passwords and have insecure APIs and protocols that don’t enforce proper authentication.
The report said that there were 9,444 new vulnerabilities reported in the first half of this year, not far off last year’s record-setting pace. These new vulnerabilities add to a daunting cumulative total that’s making it harder than ever for security organizations to make a dent without knowing which vulnerabilities present the highest risk. The frequency and scope of malicious activity are increasing apace.
Exploits in the wild are on the upswing, as this report details, and so far 2021 has seen some of the most audacious and potentially devastating cyberattacks in history— some exploiting OT and network vulnerabilities to disrupt vital facilities, such as public utilities and energy infrastructure. At the same time, security organizations have had their hands full managing the massive technological shifts required by the pandemic, while also coping with staffing limitations and a slew of competing priorities.
As new vulnerabilities arise, attack vectors are springing up to exploit them and capitalize on emerging economic opportunities, Gidi Cohen, CEO and founder, Skybox Security said. “Witness the boom in cryptomining malware and the ongoing growth of ransomware. Threat actors now have a robust set of tools and a flourishing ecosystem to support their endeavors. Vendors of exploit kits and malware-as-a-service make it simpler than ever to mount campaigns and launch attacks, with cryptocurrency easing the movement of money and collection of ransoms,” he added.
More vulnerabilities present more opportunities for exploits, and threat actors are taking advantage. The number of new vulnerabilities exploited in the wild increased 30 percent relative to the same period last year. While new malware increased in almost every category, cryptojacking topped the list. This type of malware, which hijacks computer systems for cryptocurrency mining, more than doubled. This is just the latest example of how dynamic an industry malware has become, quickly adapting its offerings and business models to serve emerging markets.
Skybox reported that another malware category that grew in the first half of this year is ransomware, which rose by 20 percent compared to the first half of last year. Given the increasing popularity and profitability of ransomware attacks, it is likely that this class of malware will continue to grow in the years ahead.
The report also found that the malware creators have new vulnerabilities on their radar, and are actively developing novel malware to take advantage of the latest weaknesses. Often this is accomplished by simply tweaking existing malware to perform new exploits.