Manufacturing and Utilities Exposed: Unpatched Devices Loom as Cyber Threats
- By CDOTrends editors
- June 28, 2023
Critical infrastructure industries like manufacturing, utilities, and transportation are on the frontline of escalating cyber warfare. The very devices that make these sectors run smoothly, from engineering workstations to SCADA servers, might just be their Achilles' heel.
Armis, an asset visibility and security company, recently unveiled research showcasing these hidden cyber threats. According to the company's analysis of its Asset Intelligence and Security Platform, some of the operational technology (OT) and industrial control systems (ICS) devices posing the highest risk include engineering workstations, SCADA servers, automation servers, historians, and programmable logic controllers (PLCs).
“In an ICS environment, it's pretty common to have vulnerable devices, so professionals need to see what assets are on their network and additional intelligence on what those devices are actually doing,” explained Nadir Izrael, chief technology officer and co-founder of Armis.
The findings revealed that 56% of engineering workstations, the OT devices most targeted by attackers, have at least one unpatched critical-severity Common Vulnerabilities and Exposures (CVE) entry. Moreover, 60% of uninterruptible power supply (UPS) devices, indispensable in a power outage, harbor at least one unpatched critical-severity CVE. Exploiting these could allow attackers to cause physical damage to the device or connected assets.
Despite their importance, programmable logic controllers (PLCs) aren't spared either, with 41% having at least one unpatched critical-severity CVE. Attackers could exploit these vulnerabilities, disrupting central operations. The research further emphasized how these devices can fall victim to high-risk factors like end-of-support hardware and firmware.
Other devices like barcode readers, industrial-managed switches, IP cameras, and printers pose additional risks. They all have at least one weaponized CVE published before January 2022 and hence have a heightened risk profile.
OT industries, by virtue of their diverse locations and complex distribution lines, often struggle with identifying and remediating risk sources, creating an opening for malevolent actors.
“Contextual data will enable teams to define what risk each device poses to the OT environment so that they can prioritize remediation of critical and/or weaponized vulnerabilities to quickly reduce the attack surface,” Izrael added.
The crux of the solution lies in fostering collaboration between OT and IT teams, ensuring secure operational environments while fulfilling IT-related responsibilities. Izrael highlighted that a risk-based approach to vulnerability management should be coupled with coordinated efforts between these teams.
Most of these risky devices run Windows operating systems, illustrating how securing vulnerable assets is a persistent challenge. Many are exposed because they use SMBv1, an outdated, unencrypted, and vulnerable protocol. Despite being notorious for its vulnerabilities, which were exploited in infamous attacks like WannaCry and NotPetya, it continues to be prevalent in the field.
“Cross-departmental projects will help streamline process and resource management and achieve greater compliance and data security,” advised Izrael, emphasizing the need for a convergent IT/OT security solution.
Using artificial intelligence and machine learning, Armis' Unified Asset Intelligence Platform detects when a device deviates from its normal operations and triggers an automated response. It also maps the communications and relationships between devices, adding contextual intelligence to assess their potential risks.
While the findings shed light on hidden vulnerabilities, the silver lining is that with advanced tools and cross-functional collaboration, these risks can be effectively managed, keeping critical infrastructure industries secure and operational in the face of a growing digital threat landscape.