"Analysis of ICS Exploits Can Help Defenders Prioritize Vulnerability Remediation"
The industrial cybersecurity firm Dragos has released the results of its analysis of exploits targeting vulnerabilities in industrial control systems (ICS) and operational technology (OT). Dragos has tracked more than 3,000 ICS and OT vulnerabilities over the past decade, and it reports that the number disclosed in 2020 was lower than in the two previous years. Beyond tracking disclosures, the company also examined the public availability of associated exploits, since a published exploit makes it easier for less-skilled threat actors to abuse a security hole. Dragos found that only 8 percent of the vulnerabilities disclosed in 2020 have public exploits, possibly because Trend Micro's Zero Day Initiative (ZDI) acquired many of the ICS vulnerabilities reported that year, and ZDI's program terms can prevent researchers from publishing their proof-of-concept (PoC) exploits. Almost 600 public ICS exploits are known to target the products of more than 110 vendors. Seven major vendors account for about 40 percent of all published exploits, including Advantech, Moxa, Microsoft, Siemens, Rockwell Automation and its Allen-Bradley brand, and Schneider Electric. Many of the public ICS exploits target devices at the site operations level (Level 3 in the Purdue reference model), which could give an attacker an initial foothold in the industrial network. Hundreds of publicly available exploits are then usable once an attacker reaches the industrial network itself, which consists of field, control, and supervisory devices. Remote code execution is the most common impact at most levels of access; for exploits targeting control devices, however, denial of service (DoS) is the most common impact, a reminder that availability, not just code execution, is what a defender at that level is protecting. This article continues to discuss the key findings from Dragos' analysis of ICS exploits and its recommendations for defenders looking to prioritize ICS vulnerability remediation.