This post is also available in: עברית (Hebrew)
During 2022, we saw a rise in the sophistication and sheer number of attacks targeting industrial infrastructure. At the same time, incident response engagements by industrial cybersecurity firm Dragos showed that 80% of impacted environments lacked visibility into ICS traffic and half had network segmentation issues and uncontrolled external connections into their OT networks.
“A number of the threats that Dragos tracks may evolve their disruptive and destructive capabilities in the future because adversaries often do extensive research and development (R&D) and build their programs and campaigns over time,” the Dragos researchers said in a newly released annual report. “This R&D informs their future campaigns and ultimately increases their disruptive capabilities.”
The number of vulnerabilities specifically for ICS-related hardware and software increased by 27% from 2021, but this doesn’t paint the whole picture as not all vulnerabilities are equal, especially in the ICS space.
As such, Dragos performed a deeper risk assessment of those vulnerabilities and found that 15% were in devices bordering enterprise networks and 85% were deep inside ICS networks. Furthermore, half didn’t lead to either loss of visibility or control and half did.
The bigger issue is that in a sector where patching often involves shutting down operations and critical devices, asset owners rely heavily on mitigation and of the 70% of vendor advisories that provided patches, 51% did not contain any mitigation advice. A further 30% of advisories didn’t have a patch and 16% of those had no practical mitigation.
In 34% of vendor advisories, Dragos found incorrect data such as wrong software numbers, wrong hardware models, wrong versions and so on.
Prepared to dive into the world of futuristic technology? Attend INNOTECH 2023, the international convention and exhibition for cyber, HLS and innovation at Expo, Tel Aviv, on March 29th-30th
Interested in sponsoring / a display booth at the 2023 INNOTECH exhibition? Click here for details!