IT disaster recovery, cloud computing and information security news

Critical infrastructure is increasingly at risk from operational technology, as vulnerabilities see 46 percent rise

Skybox Security has released its annual Mid-Year Vulnerability and Threat Trends Report, offering new threat intelligence research on the frequency and scope of global malicious activity. The Skybox Research Lab analysts found that new vulnerabilities in operational technology (OT) devices were up 46 percent in the first half of 2021, putting vital critical infrastructure at risk.

According to Gartner, operational technology is ‘hardware and software that detects or causes a change, through the direct monitoring and/or control of industrial equipment, assets, processes and events’.

"Critical infrastructure is the backbone of global enterprises and governments. Operational technology enables revenue creation and business continuity. Yet, despite the criticality, the cyber security measures in place are still weak or nonexistent," said Gidi Cohen, CEO and founder, Skybox Security. "Experts warned for years that vital infrastructure is a sitting duck and that it was only a matter of time before they came under widespread assault. Now, those predictions have come true."

To make matters worse, it can be difficult or impossible to identify and remediate OT vulnerabilities through scanning and patching. Nearly all major vendors of OT equipment reported increases in vulnerabilities, especially Siemens. Threat actors are taking advantage of these OT weaknesses in ways that don't just imperil individual companies but also threaten public safety and the global economy.

Key findings presented in this update include:

  • New vulnerabilities in OT devices were up nearly 46 percent versus H1 2020. These vulnerabilities pose a growing threat to critical infrastructure and other vital systems. Cybercriminals know how indispensable OT assets and their control systems are, and companies will pay hefty ransoms to avoid disruptions and shutdowns.
  • The number of new vulnerabilities exploited in the wild grew 30 percent in H1 2021 compared to the same period last year. Interestingly, a growing percentage of these exploits (13 percent in H1 2021 versus 8 percent in 2020) are specifically targeting vulnerabilities rated as ‘medium-severity’ on the CVSS scale. Thus, as new security weaknesses emerge, threat actors are moving quickly to take advantage of them.
  • The number of network devices such as routers, switches, firewalls, and their operating systems, rose nearly 20 percent in H1 2021. Like OT, these devices are critically important parts of the infrastructure, yet their security flaws are often invisible because they are difficult or impossible to effectively scan. Scanning can impact performance or even shut down systems and is further complicated by the need for special passwords and access privileges.
  • Ransomware attacks increased by 20 percent versus the first half of 2020. Interestingly, new malware overwhelmingly exploited more recent vulnerabilities (vulnerabilities reported in the last 3 years). This clearly indicates that malware creators have new vulnerabilities on their radar and actively develop novel malware to exploit the latest weaknesses.
  • Cryptojacking malware, which hijacks computer systems for cryptocurrency mining, more than doubled in comparison to the same period last year. Cryptojacking is just one example of how dynamic an industry malware has become, quickly adapting its offerings and business models to serve emerging markets. In some cases, malware-as-a-service providers lease botnets composed of already-infected machines to cryptominers.
  • The cumulative number of vulnerabilities grows 3x in 10 years. This cumulative number of vulnerabilities is concerning. The vast majority of vulnerabilities aren't new, and the older they are, the more time threat actors have had to find and exploit. Old vulnerabilities lurk for years in networks, only to become exposed later, offering rich targets for attackers. Some of the most exploited vulnerabilities are four years old or more.

More details.

Want news and features emailed to you?

Signup to our free newsletters and never miss a story.

A website you can trust

The entire Continuity Central website is scanned daily by Sucuri to ensure that no malware exists within the site. This means that you can browse with complete confidence.

Business continuity?

Business continuity can be defined as 'the processes, procedures, decisions and activities to ensure that an organization can continue to function through an operational interruption'. Read more about the basics of business continuity here.

Get the latest news and information sent to you by email

Continuity Central provides a number of free newsletters which are distributed by email. To subscribe click here.