91% of Industrial Organizations Can Be Penetrated by Hackers

More than nine in 10 (91%) industrial organizations are vulnerable to cyber-attacks, according to a new report by Positive Technologies.

The study found that external attackers can penetrate the corporate network in all these organizations, and once inside, can obtain user credentials and complete control over the infrastructure in 100% of cases. In over two-thirds (69%) of these cases, external attackers can steal sensitive data from the organization, including information about partners and company employees and internal documentation.

In addition, penetration testers from Positive Technologies gained access to the technological segment of the network of 75% of organizations. This then enabled them to access industrial control systems (ICS) in 56% of cases.

Once malicious actors gain access to ICS components, they have the opportunity to cause severe damage and even fatalities — this includes shutting down entire productions, causing equipment to fail and triggering industrial accidents.

Positive Technologies said there is a range of factors that are making these organizations vulnerable to hackers. For example, during recent PT NAD pilot projects, its experts uncovered numerous suspicious events in the internal network of each industrial company. In one case, PT NAD registered an RDP connection to an external cloud storage, enabling 23 GB of data to be transferred to the address of this storage via RDP and HTTPS.

The vendor also noted that industrial companies often use outdated software and commonly save connection parameters (username and password) in a remote access authentication form, allowing attackers to connect to the ..

Support the originator by clicking the read the rest link below.