Piles of Unpatched IoT, OT Devices Attract ICS Cyberattacks
Industrial devices are less likely to be patched due to expensive downtime, and threat actors have taken notice.
August 3, 2023
Despite efforts across both the public and private sectors to shore up industrial control system (ICS) cybersecurity, threat actors continue to find increasing opportunity against unpatched Internet of Things (IoT) and operational technology (OT) devices.
New research from Nozomi Networks looked at public IoT/OT cyber incidents over the past six months and found that various threat actors, including ransomware and DDoS cyber attackers, have unleashed a barrage of cyberattacks against ICS systems. The report notes manufacturing, water treatment, food and agriculture, and the chemical sectors were most frequently targeted in early 2023.
Nozomi added that it measured an average of 813 unique cyberattacks daily on its honeypots during the first six months of this year, hitting a peak of 1,342 on May 1.
Another bit of research, from SynSaber and downloaded by Dark Reading, sheds further light on what's causing the frenzy of nefarious activity against ICS networks. Even though the overall number of ICS CVEs reported in the first half of the year is down 1.6% from 2022, 34% of ICS CVEs reported in the first half of 2023 have no patch or remediation available, a 13% spike over the same period last year.
Why ICS Patching Takes So Long
There are plenty of good reasons why patches for supervisory control and data acquisition (SCADA) and ICS systems get held up for months, or even years, according to Melissa Bischoping, endpoint security researcher with Tanium.
"Stability and uptime of these systems is often a priority for operations, and many patches require restarts," which may trigger a cascade of restarts to the production process, Bischoping tells Dark Reading. "Given the cost and risk of those downtimes, operators may choose to delay the patches."
The cost of upgrading ICS systems can also be a deterrent, she explains.
"In some cases, interoperability and compatibility with other systems may prevent upgrades until costly retrofitting or modernization of shared components can occur," Bischoping adds. "Upgrades can carry a price tag of millions of dollars, but choosing to delay upgrades may mean accepting as much or more in risk that the system may fail or be exploited."
Bright Spot in ICS Cybersecurity Data
The choices for ICS systems operators are tough, but John Gallagher, vice president with Viakoo Labs, says research and data points like these show that cybersecurity efforts to protect these systems are indeed working.
"Until recently IoT/OT devices and their related vulnerabilities were not a focus for the line-of-business organizations that typically run them — think manufacturing, facilities, physical security — and not a lot of data was available," Gallagher tells Dark Reading. "The growth of asset discovery, threat assessment, and vulnerability remediation solutions that directly address IoT/OT systems is helping to change that, along with more government and board-level focus on the threats from such systems."