Industrial Control Systems More Vulnerable to Hacks During COVID-19, Report Shows


Seven in 10
security vulnerabilities affecting industrial control systems (ICS) can be
exploited remotely, giving state-sponsored malicious actors a leg up, according
to a new report. The risk has been exacerbated by the increased reliance on
remote access to ICS networks amid the COVID-19 pandemic, researchers say.

The ICS Risk & Vulnerability Report released this week by Claroty covers an assessment of 365 ICS vulnerabilities published by the National Vulnerability Database (NVD) and 139 ICS advisories issued by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) during the first half of 2020, affecting 53 vendors.

Compared to the
first half of 2019, ICS vulnerabilities published by the NVD this year
increased 10.3% from 331, while ICS-CERT advisories rose 32.4% from 105. More
than 75% of vulnerabilities were assigned high or critical Common Vulnerability
Scoring System scores.

In a key
finding, the report mentions that more than 70% of the vulnerabilities
published by the NVD can be exploited remotely, while the most common potential
impact is remote code execution, possible with 49% of the vulnerabilities, followed
by the ability to read application data, with 41%, cause denial of service, with
39%, and bypass protection mechanisms, in 37% of cases.

Vulnerabilities
in critical manufacturing and energy, water and wastewater sectors are on the
rise. Of the 385 unique CVEs included in the advisories, energy accounted for 236,
critical manufacturing for 197, and water & wastewater for 171. Water &
wastewater experienced the largest increase of CVEs, at122.1%, compared to the
first half of 2019, while critical manufacturing increased by 87.3% and energy
by 58.9%.

State-sponsored malicious actors have historically used remotely-exploitable flaws to disrupt critical systems in rival nations. Yet, fully air-gapped ICS networks isolated from external threats have become very uncommon. According to the report, the prominence of remote exploitation has been exacerbated by the global shift to a remote workforce and the increased reliance on remote access to ICS networks in response to the COVID-19 pandemic.