Cyber Threats and Trends: ICS Edition
2020 was definitely not a good year for individuals and businesses alike. However, there was one crowd that benefited immensely from the pandemic-struck world: cybercriminals. They left no stone unturned in finding vulnerabilities in Industrial Control Systems (ICS) and Operational Technology (OT) networks and protocols.
The Biannual ICS Risk and Vulnerability report from Claroty evaluated all publicly disclosed vulnerabilities in ICS networks from H2 2020 and discovered a 33% increase in disclosures over 2018. Most disclosures were from the critical manufacturing, wastewater, energy, water, and commercial facilities industries.
Some stats your way
- 71.49% of bugs can be exploited remotely, while 89.98% of vulnerabilities don’t require any special conditions to be exploited.
- With successful exploitation, 65.7% of flaws can result in a total loss of availability.
- Every single disclosure ranked high in MITRE’s 2020 CWE Top 25 Most Dangerous Software Weaknesses list because of the ease of exploitation.
Other incidents affecting ICS
- WestRock, the second-largest packaging firm in the U.S., was hit by a ransomware attack that impacted its OT systems. This implies that the firm’s factory processes were crippled.
- The Snake ransomware has been found to be specifically crafted to target ICS. The ransomware is capable of terminating 64 disparate software processes on infected systems, including the ones specific to ICS. Bapco, Bahrain’s national oil company, is allegedly one of the victims of this ransomware.
- Industrial control software by Fuji Electric has been discovered to be vulnerable to various high-severity arbitrary code execution flaws. These bugs could allow physical attacks on critical infrastructure and factory equipment.
- The most common trend observed is that threat actors avoid custom software and center on common TTPs. However, development effort and resources are reserved for highly targeted attacks, in the final stage of disruptive attacks.
- Attacks on OT systems, including production lines, have increased because the effects are calamitous, as demonstrated by the recent attack on a natural gas compression facility in the U.S.
- Although the convergence of IT and OT networks has enhanced the efficacy of ICS processes, it has also increased the attack surface.
The bottom line
ICS-related attacks have gained prominence over the past year, and with the rising number of vulnerability disclosures, the attacks are anticipated to surge. However, researchers have stated that the disclosures are not bad tidings, as they show that businesses have started taking infrastructure risks seriously.