According to a new report, the remote exploitation of industrial control system vulnerabilities is on rise. The report on ICS vulnerabilities comes from operational technology security company Claroty.
“There is a heightened awareness of the risks posed by ICS vulnerabilities and a sharpened focus among researchers and vendors to identify and remediate these vulnerabilities as effectively and efficiently as possible,” Amir Preminger, VP of Research at Claroty, said in a press release. “We recognised the critical need to understand, evaluate, and report on the comprehensive ICS risk and vulnerability landscape to benefit the entire OT security community. Our findings show how important it is for organisations to protect remote access connections and internet-facing ICS devices, and to protect against phishing, spam, and ransomware, in order to minimise and mitigate the potential impacts of these threats.”
Claroty’s inaugural Biannual ICS Risk & Vulnerability Report assesses 365 ICS vulnerabilities published by the National Vulnerability Database and 139 ICS advisories issued by the Industrial Control Systems Cyber Emergency Response Team affecting 53 vendors.
Claroty researchers found that as reliance on remote access in industrial networks continues to increase during the COVID-19 pandemic, so too are remotely exploitable ICS vulnerabilities. According to the report, more than 70 percent of ICS vulnerabilities disclosed in the first half of 2020 can be exploited remotely.
When compared to the same timeframe in 2019, ICS vulnerabilities published by the NVD increased by 10.3 percent from 331, while ICS-CERT advisories increased by 32.4 percent from 105. More than 75 percent of vulnerabilities were assigned high or critical Common Vulnerability Scoring System scores.
According to the report, the most common potential impact of these vulnerabilities was remote code execution. Researchers found this was possible with 49 percent of vulnerabilities. Forty-one percent allowed for the ability to read application data, 39 percent allowed for denial of service, and 37 percent could allow malicious actors to bypass protection mechanisms.
“The prominence of remote exploitation has been exacerbated by the rapid global shift to a remote workforce and the increased reliance on remote access to ICS networks in response to the COVID-19 pandemic,” the release says.
The report also indicates that the latest ICS vulnerabilities were most prevalent in energy, critical manufacturing, and water & wastewater sectors of critical infrastructure.
“Of the 385 unique Common Vulnerabilities and Exposures (CVEs) included in the advisories, energy had 236, critical manufacturing had 197, and water & wastewater had 171,” the release says. “Compared to 1H 2019, water & wastewater experienced the largest increase of CVEs (122.1%), while critical manufacturing increased by 87.3% and energy by 58.9%.”
Claroty researchers discovered 26 of the ICS vulnerabilities disclosed during 1H 2020. The team prioritized critical or high-risk vulnerabilities that could affect the availability, reliability, and safety of industrial operations. They focused on ICS vendors and products with vast install bases and integral roles in industrial operations. These 26 vulnerabilities could have serious impacts on affected OT networks, because more than 60 percent enable some form of RCE.
“For many of the vendors affected by Claroty’s discoveries, this was their first reported vulnerability,” the release says. “As a result, they proceeded to create dedicated security teams and processes to address the rising vulnerability detections due to the convergence of IT and OT.”