Many of them are deemed ‘critical’
The number of vulnerabilities disclosed in industrial control systems (ICS) this year increased by 41 percent, compared to 2020. Many of these vulnerabilities were deemed either “critical” or “high risk”, and with ransomware growing more popular and more devastating by the day, this could spell trouble for many critical infrastructure operators.
These are the conclusions of a new report, recently published by Team82, a cybersecurity research team with industrial security firm Claroty.
The paper claims 637 ICS vulnerabilities were disclosed in the first half of 2021, a 41 percent jump. Between 2019 and 2020, the increase was 25 percent, meaning the number of disclosed vulnerabilities is rising fast.
Operations management, supervisory control and basic control were the three most vulnerable levels of operation.
Of the 637 vulnerabilities reported in H1, almost three-quarters (71 percent) were labelled “high risk” or “critical”. Two-thirds (65 percent) could result in total loss of availability and prevent access to key resources. A quarter (26 percent) can only partially be addressed, while in some cases no fix is available.
The worst part, Team82 claims, is that one doesn’t have to be a hacker supreme to take advantage of these vulnerabilities. Almost all of them (90 percent) have a low attack complexity, while 74 percent don’t even require any specific privileges to be exploited.