The common vulnerabilities leaving industrial systems open to attack

the Transform Technology Summits begins October 13 with Low-Code / No Code: Enabling Business Agility. Register now!


The industrial sector was the second most attacked by malicious actors in 2020, when data extortion it became a main tactic and attacks spiked. Overall, the year saw more cyberattacks than the past. 15 years combined. And sadly, the trend has persisted into this new year: Industrial systems continue to be under siege from ransomware and attacks on critical infrastructure such as Colonial oil pipeline and JBL, the world’s largest meat processor, show just how much is at stake.

The good news is that we know where many of the vulnerabilities lie. A recent investigation by industrial security company Claroty, which discovered many “critical” vulnerabilities in industrial control systems, also established what specific providers they are putting industrial companies at risk. Now a new report from the security company Positive Technologies has revealed the most common industrial vulnerabilities.

The results

According to the research, industrial systems are especially vulnerable to attack when there is a low level of protection around the perimeter of an external network that can be accessed from the Internet. Incorrect device configurations and failures in network segmentation and traffic filtering are also leaving the industrial sector particularly vulnerable. Lastly, the report also cites the use of outdated software and dictionary passwords as risk vulnerabilities.

To uncover this insights, the researchers set out to mimic hackers and see which path they would take to gain access.

“By analyzing the security of companies’ infrastructure, Positive Technologies experts look for vulnerabilities and demonstrate the feasibility of attacks by simulating the actions of real hackers,” the report reads. “In our experience, most industrial companies have a very low level of protection against attacks.”

Once inside the internal network, Positive Technologies found that attackers can gain user credentials and full control over the infrastructure in 100% of the cases. And in 69% of cases, they can steal confidential data, including email correspondence and internal documentation. Even more worryingly, 75% of the industrial companies that Positive Technologies experts tested were able to access the technology segment of the network. Overall, the company’s 2020 research revealed that in 91% of industrial organizations, an external attacker can penetrate the corporate network.

Protection of industrial systems

“More than anywhere else, protecting the industrial sector requires critical systems modeling to test their parameters, verify the viability of business risks, and look for vulnerabilities,” the report concludes.

Specifically, the researchers recommend that industrial companies look for a simulation of cyber-range risks, which they say can assess the safety of production systems without disrupting actual business processes. This is a crucial challenge in the industrial sector, because many of these systems cannot simply be turned off for regular evaluation.

“The simulation of cyber-range risks reveals the criteria of their performance, that is, the preconditions and possible consequences of such attacks,” the report continues. “This increases the efficiency of other security assessment tasks. Furthermore, a cyber-range is a place where information security specialists can put their skills to detect and respond to incidents to the test. “

Saumitra Das, Co-Founder and CTO of Cloud Native Artificial Intelligence Security Company Blue hexagon, responded to the investigation by noting that it is particularly difficult to update and protect industrial control system software that uses obscure protocols. He says that segmenting the IT and OT / ICS networks, focusing on reducing the chances of someone breaking into the IT network, is key.

“Detecting attacks on the OT / ICS side is also good, but it is generally too late and risky,” he added. “It’s like detecting ransomware that has already started to encrypt. You want to detect and mitigate the foothold infection, rather than waiting for the final payload. “

VentureBeat

VentureBeat’s mission is to be a digital urban plaza for technical decision makers to gain insight into transformative technology and transact. Our site offers essential information on data technologies and strategies to guide you as you run your organizations. We invite you to become a member of our community, to access:

  • updated information on the topics of your interest
  • our newsletters
  • Exclusive content from thought leaders and discounted access to our treasured events, such as Transform 2021: Learn more
  • network features and more

Become a member

Leave a Comment