The ransomware attack against JBS earlier this year sent shockwaves through the food industry. But the world’s largest meat processing company certainly wasn’t alone. According to Claroty’s latest industrial control systems (ICS) risk and vulnerability report, the first half of 2021 was “the biggest test of industrial cybersecurity in history.”
Claroty reports that in the first six months of this year, 637 ICS vulnerabilities were published affecting products from 76 vendors. This is up from 449 vulnerabilities from 59 vendors in the second half of last year. Just over 70% of those vulnerabilities were classified as high or critical.
The top three types of products affected were:
- Operations management — e.g., servers and databases that are vital to production workflow or that collect data for higher-level business systems
- Basic control — e.g., programmable logic controllers (PLCs), remote terminal units (RTUs), and other controls that monitor equipment like pumps and sensors
- Supervisory control — e.g., human-machine interfaces (HMIs), SCADA software, and other data-monitoring tools
Roughly two-thirds of the security vulnerabilities were remotely exploitable, while one-third were local attack vectors, which rely on local users to perform specific actions. Claroty notes that this “reinforces the need” for spam and phishing prevention, including awareness techniques to help users identify potentially harmful activities.
The report identifies three trends that will impact the industrial cybersecurity picture over the next six months:
- Operational technology (OT) cloud migration — As companies continue to move their industrial processes to the cloud, “threat actors may see an opportunity to target vulnerabilities suddenly exposed by connectivity at scale.” To combat this, companies need to increase their focus on data security.
- Ransomware and extortion tactics — “Attackers have become more insidious in using ransomware, scouting out victims they believe are most likely to pay high ransom demands” and “large manufacturing operations and critical infrastructure are now in the crosshairs,” according to the report. JBS paid $11 million in ransom to get its plants back online.
- Pending U.S. cyber legislation — On July 28, President Biden signed the “National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems.” There are currently several cybersecurity bills being considered by Congress.
Claroty offers four recommendations for protecting industrial systems against cyberattacks:
- Network segmentation
- Remote access connections protection
- Ransomware, phishing, and spam protection
- Protecting operations management and basic & supervisory control