The common vulnerabilities that leave industrial systems open to attack

The common vulnerabilities that leave industrial systems open to attack

That Transform Technology Summits launch on October 13 with Low-Code / No Code: Enabling Enterprise Agility. Register now!


The industrial sector was the second most targeted of malicious actors in 2020, when data blackmail became a primary tactic and attacks skyrocketed. Overall, the year saw more cyber attacks than the last 15 years combined. And unfortunately, the trend has continued over the new year – industrial systems continue to be besieged by ransomware, and attacks on critical infrastructure such as the Colonial Pipeline and JBL, the world’s largest meat processor, show just how high the stakes are.

The good news is that we know how many of the vulnerabilities lie. Recent research from the industrial security firm Claroty, which uncovered many “critical” vulnerabilities in industrial control systems, also suggested which specific vendors put industrial firms at risk. Now, a new report from security firm Positive Technologies has revealed the most common industrial vulnerabilities.

The findings

According to the research, industrial systems are particularly open to attack when there is a low level of protection around an external network perimeter accessible from the Internet. Device error configurations and errors in network segmentation and traffic filtering also leave the industry sector particularly vulnerable. Finally, the report also mentions the use of outdated software and passwords for dictionaries as risky vulnerabilities.

To uncover these insights, the researchers set out to actually emulate hackers and see which way they would go to gain access.

“When analyzing the security of corporate infrastructure, Positive Technologies experts look for vulnerabilities and demonstrate the feasibility of attacks by simulating the actions of real hackers,” the report reads. “In our experience, most industrial companies have a very low level of protection against attack.”

Once inside the internal network, Positive Technologies found that attackers can gain user information and full control over the infrastructure in 100% of cases. And in 69% of cases, they can steal sensitive data, including email correspondence and internal documentation. Even more so, that 75% of the industrial companies that Positive Technologies’ experts tried were able to access the technological segment of the network. Overall, 2020 surveys from the company showed that in 91% of industrial organizations, an external attacker can penetrate the corporate network.

Protection of industrial systems

“More than anywhere else, the protection of the industrial sector requires modeling of critical systems to test their parameters, check the feasibility of business risks and look for vulnerabilities,” the report concludes.

The researchers specifically recommend that industrial companies look at a cyber-range simulation of risks that they say can assess the security of production systems without disrupting real business processes. This is a crucial challenge in the industrial sector because many of these systems cannot simply be turned off for regular evaluation.

“Cyber-range simulation of risks reveals the criteria for their activation, that is, the prerequisites and possible consequences of such attacks,” the report continues. “This increases the efficiency of other safety assessment tasks. In addition, a cyber area is a place where information security specialists can test their ability to detect and respond to incidents. ”

Saumitra Das, co-founder and CTO of cloud native AI security firm Blue Hexagon, responded to the research by noting that it is particularly difficult to update and protect industrial control system software that uses obscure protocols. He says that segmenting the IT and OT / ICS networks with a focus on reducing the chances of someone breaking into the IT network is key.

“It is also good to detect attacks on the OT / ICS side, but is usually very late and risky,” he added. “It’s like discovering ransomware that has already started encrypting. You will detect and mitigate the foot infection instead of waiting for the last payload. ”

VentureBeat

VentureBeat’s mission is to be a digital urban space for technical decision makers to gain knowledge about transformative technology and transactions. Our site provides important information about data technologies and strategies to guide you as you lead your organizations. We invite you to join our community to access:

  • updated information on topics that interest you
  • our newsletters
  • gated thought-leader content and discount access to our valued events, such as Transform 2021: Learn more
  • networking features and more

sign up

Leave a Comment

x