Skybox Security, a company that specializes in security posture management, this week released its annual Mid-Year Vulnerability and Threat Trends Report, offering new threat intelligence research on the frequency and scope of global malicious activity.
Skybox Research Lab analysts found that new vulnerabilities in operational technology (OT) devices were up 46% in the first half of 2021, putting vital critical infrastructure at risk.
“Critical infrastructure is the backbone of global enterprises and governments,” said Gidi Cohen, the firm’s CEO and founder. “Operational technology enables revenue creation and business continuity, yet, despite the criticality, the cybersecurity measures in place are still weak or nonexistent.
“Experts warned for years that vital infrastructure is a sitting duck and that it was only a matter of time before they came under widespread assault. Now, those predictions have come true.”
The report notes that to make matters worse, it can be difficult or impossible to identify and remediate OT vulnerabilities through scanning and patching: “Nearly all major vendors of OT equipment reported increases in vulnerabilities, especially Siemens.
“Threat actors are taking advantage of these OT weaknesses in ways that don't just imperil individual companies, but also threaten public safety and the global economy.”
Other key findings presented in this mid-year update include:
- The number of new vulnerabilities exploited in the wild grew 30% in the first half of 2021 compared to the same period last year. “Interestingly, a growing percentage of these exploits (13% in H1 2021 versus 8% in 2020) are specifically targeting vulnerabilities rated as "medium-severity" on the CVSS scale. Thus, as new security weaknesses emerge, threat actors are moving quickly to take advantage of them,” a release states.
- The number of network devices such as routers, switches, firewalls, and their operating systems, rose nearly 20% in H1 2021. Like OT, these devices are critically important parts of the infrastructure, yet their security flaws are often invisible because they are difficult or impossible to effectively scan. Scanning can impact performance or even shut down systems and is further complicated by the need for special passwords and access privileges.
- Ransomware increased by 20% versus the first half of 2020. Authors of the report note that “new malware overwhelmingly exploited more recent vulnerabilities (vulnerabilities reported in the last three years). This clearly indicates that malware creators have new vulnerabilities on their radar and actively develop novel malware to exploit the latest weaknesses.”
- Cryptojacking malware, which hijacks computer systems for cryptocurrency mining, more than doubled in comparison to the same period last year: “Cryptojacking is just one example of how dynamic an industry malware has become, quickly adapting its offerings and business models to serve emerging markets,” the release said. “In some cases, malware-as-a-service providers lease botnets composed of already-infected machines to cryptominers.
“The sheer volume of accumulated security debt –hundreds of thousands or even millions of vulnerabilities – means that security teams can't possibly isolate and patch all of them,” said Stav Kaufman, lead analyst at Skybox.
“Malware evolves like viruses, with new variants springing up opportunistically in response to changing environments. As a result, enterprises need precise, exposure-based solutions that cut through the noise, pinpoint the real security threats and enable practical, cost-effective remediation.”