Asset visibility and security company Armis has released a new report that identifies the most risky devices threatening the critical infrastructure industry.
The study specifically focuses on manufacturing, utilities and transportation companies. We conclude that the operational technology (OT) and industrial control system (ICS) devices that pose the highest risk to these industries are engineering workstations, SCADA servers, automation servers, historians, and programmable logic controllers (PLCs). I’m here.
Learn more about threats to these systems here: Nearly Half of Industrial Sector Computers Will Be Affected by Malware by 2022
Among these devices, engineering workstations received the most attack attempts in the industry over the past two months, followed by SCADA servers.
According to news statistics, 56% of engineering workstations had at least one critical unpatched vulnerability, and 16% were affected by a weaponized vulnerability disclosed more than 18 months ago. It turned out to be acceptable.
“Vulnerable devices are very common in ICS environments. We need to see additional intelligence about,” explained Armis CTO and co-founder Nadir Izrael.
“Contextual data allows teams to define how each device poses a risk to their OT environment, enabling them to prioritize remediation of critical and weaponized vulnerabilities to quickly expand their attack surface. can be reduced to
The research also highlights vulnerabilities in devices such as uninterruptible power supplies (UPS).
For example, 60% of UPS devices have at least one critical unpatched vulnerability that could allow criminals to cause physical damage. Additionally, 41% of PLCs have at least one critical unpatched vulnerability, threatening operations at scale.
Several other devices, including barcode readers, industrial control switches, IP cameras, and printers, were at risk in this study due to the weaponized vulnerabilities disclosed prior to January 2022. also points out.
According to Israel, cooperation between OT and IT teams is critical to addressing these vulnerabilities.
“Cross-departmental projects help streamline process and resource management, improve compliance and data security,” the executive added.
“Overall, to meet the challenges of the new industrial age, security professionals need converged IT/OT security solutions that protect all network-connected assets.”
Armis will be exhibiting at Infosecurity Europe next week.
