"80% of Manufacturing Firms Have Critical Vulnerabilities"

According to security researchers at Black Kite, the manufacturing sector is at high risk of cyberattacks, with 80% of companies having critical vulnerabilities (with a CVSS score of 8 and above).  The researchers noted that over two-thirds (67%) of manufacturing organizations had at least one vulnerability from the Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities (KEV) Catalog, which details flaws that have been exploited in the wild.  The researchers also found that approximately 30% have critical vulnerabilities in web applications, often the entry point for threat actors.  The researchers said that the industry has poor patch management practices.  Additionally, 69% of manufacturing firms have leaked credentials in the last 90 days, and 62% have broken crypto algorithms (SSL/TLS).  During the study, the researchers said that manufacturing was the number one target for ransomware groups from April 1, 2023, to March 31, 2024, facing 21% of attacks (1016 out of 4893 victims).  This was followed by professional, scientific, and technical services (18%), healthcare and social assistance (6%), finance and insurance (5.7%) and educational services (5.5%).  Industrial machinery manufacturing was the manufacturing sub-sector with the highest number of victims across the 12-month period (76), followed by motor vehicle parts manufacturing (58) and pharmaceutical and medicine manufacturing (50).

Infosecurity Magazine reports: "80% of Manufacturing Firms Have Critical Vulnerabilities"