"Critical Manufacturing Vulnerabilities Surge 230% in Six Months"

According to security researchers at Nozomi Networks, threat actors are targeting operational technology (OT) and Internet of Things (IoT) environments with increasing sophistication and have a growing attack surface of vulnerabilities to help them do so.  The researchers revealed that 885 new ICS-CERT vulnerabilities were disclosed during the second half of 2023, impacting 74 vendors.  The researchers noted that the "critical manufacturing" sector was by far the worst affected, with related CVEs rising 230% over the previous six months to 621 for the second half of 2023.  Energy (75), waste and wastewater (37), and commercial facilities (31) rounded out the top three named sectors.  The "network anomalies and attacks" category represented the largest share (38%) of threats during the second half of 2023.  Within this category, "network scans" topped the list, followed by "TCP flood" attacks, which indicate DDoS attempts.  Authentication and password issues were ranked second, representing a fifth (19%) of threats detected during the period.  Alerts on access control and authorization came third with 10%.  The researchers noted that alerts on access control and authorization threats jumped 123% in the second half of 2023.  In this category, "multiple unsuccessful logins" and "brute force attack" alerts increased 71% and 14%, respectively.

Infosecurity Magazine reports: "Critical Manufacturing Vulnerabilities Surge 230% in Six Months"