2020 was definitely not a good year for individuals and businesses alike. However, there was one crowd that benefited immensely from the pandemic-struck world. Cybercriminals. They didn’t leave any stone unturned in finding vulnerabilities in Industrial Control Systems (ICS) and Operational Technology (OT) networks and protocols.
The scoop
The Biannual ICS Risk and Vulnerability report from Claroty evaluated all publicly disclosed vulnerabilities in ICS networks from H2 2020 and discovered a 33% increase in disclosures over 2018. Most disclosures were from critical manufacturing, waste water, energy, water, and commercial facilities industries.
Some stats your way
71.49% of bugs can be remotely executed, while 89.98% of vulnerabilities don’t require any special conditions to be exploited.
With successful exploitation, 65.7% of flaws can result in an entire loss of availability.
Every single disclosure scored high ranks in MITRE’s 2020 CWE Top 25 Most Dangerous Software Weaknesses list because of the ease of exploitation.
Other incidents affecting ICS
WestRock, the second-largest packaging firm in the U.S., was hit by a ransomware attack that impacted its OT systems. This implies that the firm’s factory processes were crippled.
The Snake ransomware has been found to be specifically crafted to target ICS. The ransomware is capable of terminating 64 disparate software processes on infected systems, including the ones specific to ICS. Bapco, Bahrain’s national oil company, is allegedly one of the victims of this ransomware.
Industrial control software by Fuji Electric has been discovered to be vulnerable to various high-severity arbitrary code execution flaws. These bugs could allow physical attacks on critical infrastruct ..
Support the originator by clicking the read the rest link below.
