Piles of unpatched IoT, OT devices attract ICS cyberattacks

Becky Bracken, Dark Reading

August 3, 2023

1 Min Read
Piles of unpatched IoT, OT devices attract ICS cyberattacks

Despite efforts across both the public and private sectors to shore up industrial control system (ICS) cybersecurity, threat actors continue to find increasing opportunity against unpatched Internet of Things (IoT) and operational technology (OT) devices.

New research from Nozomi Networks looked at public IoT/OT cyber incidents over the past six months and found that various threat actors, including ransomware and DDoS cyber attackers, have unleashed a barrage of cyberattacks against ICS systems. The report notes manufacturing, water treatment, food and agriculture, and the chemical sectors were most frequently targeted in early 2023.

Nozomi added it measured an average of 813 unique cyberattacks daily on its honeypots the first six months of this year, hitting a peak of 1,342 on May 1.

Another bit of research, from SynSaber and downloaded by Dark Reading, sheds further light on what’s causing the frenzy of nefarious activity against ICS networks. Even though the overall number of ICS CVEs reported in the first half of the year is down 1.6% from 2022, 34% of ICS CVEs reported in the first half of 2023 have no patch or remediation available, a 13% spike over the same period last year.

Why ICS Patching Takes So Long

There are plenty of good reasons why patches for supervisory control and data acquisition (SCADA) and ICS systems get held up for months, or even years, according to Melissa Bischoping, endpoint security researcher with Tanium.

To read the complete article, visit Dark Reading.

 

About the Author

Subscribe to receive Urgent Communications Newsletters
Catch up on the latest tech, media, and telecoms news from across the critical communications community