The disclosure of industrial control vulnerabilities jumped by 41% in the first half of the year as high-profile ransomware attacks against critical infrastructure grabbed headlines, according to a new report by an industrial cybersecurity company.
That 41% figure reported in Claorty’s Biannual ICS Risk & Vulnerability Report released Wednesday represents 637 industrial control vulnerabilities (ICS) for 76 vendors publicly disclosed in the first six months of 2021, compared with the 449 vulnerabilities affecting 59 vendors disclosed in the second half of 2020. Most of the vulnerabilities, 71%, were described as high or critical.
There are some eye-opening statistics in the report when it comes to the number of outside sources discovering vulnerabilities, as well as the ease of which attackers could exploit those vulnerabilities.
The vast majority of the vulnerabilities, 81%, were found by sources outside of the vendor, usually third-party companies, independent researchers, academics, and other research groups. A whopping 90% of the vulnerabilities have a low attack complexity, and most of the disclosed vulnerabilities, 61%, are remotely exploitable.
Nearly three-quarters of the vulnerabilities, or 74%, do not require privileges to access settings or files, and 66% do not require user interaction, such as opening an email, clicking on links or attachments, or sharing sensitive personal or financial information.
The number of disclosures have increased each year, 25% in 2020 from 2019, and 33% from 2018.
“As more enterprises are modernizing their industrial processes by connecting them to the cloud, they are also giving threat actors more ways to compromise industrial operations through ransomware and extortion attacks,” said Amir Preminger, vice president of research at Claroty. “The recent cyber attacks on Colonial Pipeline, JBS Foods, and the Oldmsar, Florida, water treatment facility have not only shown the fragility of critical infrastructure and manufacturing environments that are exposed to the internet, but have also inspired more security researchers to focus their efforts on ICS specifically.”
Colonial Pipeline was briefly shut down in May following a ransomware attack by DarkSide, which infected its business networks. Colonial is a major gasoline supplier to the East Coast, and the shutdown spurred fears of a gas shortage.
Meat processor JBS was also targeted by a ransomware attack in May, which disabled its slaughterhouses in the U.S., Canada and Australia.