Industrial cybersecurity company Claroty revealed on Thursday that industrial control system (ICS) vulnerabilities rose 25 percent in the second half of 2020 compared to 2019, with over 70 percent of flaws remotely exploitable through network attack vectors. In its second ‘Biannual ICS Risk & Vulnerability Report,’ Claroty also recorded a 33 percent rise in ICS loopholes from the first half of last year.
Claroty disclosed in August last year that about 70 percent of the vulnerabilities disclosed during the first half of last year were remotely exploitable using a network attack vector. This observation reinforces the fact that fully air-gapped OT (operational technology) networks, isolated from cyber threats, have become exceedingly uncommon, highlighting the critical importance of protecting internet-facing ICS devices and remote access connections, the company added.
In the last six months of last year, 449 security vulnerabilities were recorded affecting ICS products from 59 vendors. Of those, 70 percent were assigned high or critical Common Vulnerability Scoring System (CVSS) scores, and 76 percent do not require authentication for exploitation, Claroty said Thursday.
The report also found that 47 percent of the disclosed ICS vulnerabilities affect Levels 1 and 2 of the Purdue Model of security layers.
“The accelerated convergence of IT and OT networks due to digital transformation enhances the efficiency of ICS processes, but also increases the attack surface available to adversaries,” said Amir Preminger, Claroty’s vice president of research, in a press statement.
The critical manufacturing, energy, water and wastewater, and commercial facilities sectors, designated as critical infrastructure sectors, were by far the most impacted by vulnerabilities disclosed during the second half of last year.
Vulnerabilities in critical manufacturing increased 15 percent from the second half of 2019 and 66 percent from the second half of 2018. Vulnerabilities in the energy sector rose 8 percent from the second half of 2019 and a whopping 74 percent from the second half of 2018, while vulnerabilities in the water and wastewater sectors increased 54 percent from the second half of 2019 and 63 percent from the second half of 2018.
The number of ICS vulnerabilities disclosed in 2020 increased by over 30 percent compared to 2018 and nearly 25 percent compared to 2019, Claroty disclosed. Two factors contribute to this spike in recent years: a heightened awareness of the risks posed by ICS vulnerabilities, and researchers and vendors increasingly focused on identifying and remediating security flaws as effectively and efficiently as possible. This growth indicates security research focused on ICS products is maturing.
Third-party researchers, many of which were cybersecurity companies, were responsible for 61 percent of discoveries. This signals a change in focus to include ICS alongside IT security research, which is further evidence of the accelerated convergence between IT and OT. Among the third parties, 22 reported their first disclosures, a positive sign of growth in the ICS vulnerability research market.
The Claroty Research Team discovered and disclosed 41 vulnerabilities during the second half of last year, affecting 14 vendors. These represent the direction and core objectives of the team’s research focus. Overall, Claroty researchers have found and disclosed more than 70 ICS vulnerabilities to date.
“Nation-state actors are clearly looking at many aspects of the network perimeter to exploit, and cybercriminals are also focusing specifically on ICS processes, which emphasizes the need for security technologies such as network-based detection and secure remote access in industrial environments,” said Claroty’s Preminger. “It is heartening to see a growing interest in ICS within the security research community, as we must shine a brighter light on these vulnerabilities in order to keep threats at arm’s length.”
The increased dependence on, and rise in, remote access to industrial networks during the COVID-19 pandemic have led to a rise in the number of remotely exploitable ICS vulnerabilities. For industrial IT and OT systems, the shift exposed industrial networks to increased security threats through remote connections that inherently expanded an organization’s attack surface.