Cov kev tswj hwm kev lag luam nyob deb (ICS) qhov tsis zoo tau nce ntxiv, vim tias kev cia siab rau cov chaw taws teeb nkag mus rau kev lag luam hauv kev lag luam nce ntxiv thaum lub sij hawm COVID-19, tsab ntawv tshawb fawb tshiab los ntawm Claroty pom.
Ntau tshaj 70% ntawm kev tswj hwm kev lag luam (ICS) qhov tsis zoo uas tau tshaj tawm hauv thawj ib nrab (1H) ntawm 2020 tuaj yeem siv tau nyob deb, qhia txog qhov tseem ceeb ntawm kev tiv thaiv internet-fab ICS cov cuab yeej siv thiab kev sib txuas hauv thaj chaw deb, raws li kev nthuav qhia.Biannual ICS Risk & Vulnerability Report, tso tawm lub lim tiam no los ntawmClaroty, tus kws tshaj lij thoob ntiaj teb hauvkev siv technology (OT) kev ruaj ntseg.
Daim ntawv tshaj tawm suav nrog pab pawg tshawb fawb Claroty qhov kev ntsuam xyuas ntawm 365 ICS qhov tsis zoo uas tau luam tawm los ntawm National Vulnerability Database (NVD) thiab 139 ICS cov lus qhia tawm los ntawm Pawg Tswj Xyuas Kev Lag Luam Cyber Emergency Response Team (ICS-CERT) thaum 1H 2020, cuam tshuam rau 53 tus neeg muag khoom.Pab pawg tshawb fawb Claroty tau tshawb pom 26 ntawm qhov tsis zoo uas suav nrog hauv cov ntaub ntawv no.
Raws li tsab ntawv ceeb toom tshiab, piv rau 1H 2019, ICS qhov tsis zoo uas tau tshaj tawm los ntawm NVD tau nce 10.3% los ntawm 331, thaum ICS-CERT cov lus qhia tau nce los ntawm 32.4% los ntawm 105. Ntau tshaj 75% ntawm qhov muaj qhov tsis zoo tau raug muab siab lossis qhov tseem ceeb ntawm Kev Ntsuas Kev Ntsuas Kev Ntsuas. System (CVSS) cov qhab nia.
Amir Preminger, VP ntawm kev tshawb fawb ntawm Claroty hais tias "Muaj kev paub ntau ntxiv txog cov kev pheej hmoo uas tshwm sim los ntawm ICS qhov tsis zoo thiab ua kom pom tseeb ntawm cov kws tshawb fawb thiab cov neeg muag khoom txhawm rau txheeb xyuas thiab kho qhov tsis zoo no kom ua tau zoo thiab ua tau zoo raws li qhov ua tau," Amir Preminger, VP ntawm kev tshawb fawb ntawm Claroty.
Nws hais ntxiv, "Peb tau lees paub qhov tseem ceeb uas yuav tsum tau nkag siab, ntsuas, thiab tshaj tawm txog kev txaus ntshai ICS thiab qhov tsis zoo rau thaj chaw kom muaj txiaj ntsig rau tag nrho OT kev ruaj ntseg zej zog.Peb qhov kev tshawb pom qhia tias nws tseem ceeb npaum li cas rau cov koom haum los tiv thaiv kev sib txuas ntawm cov chaw taws teeb thiab cov khoom siv hauv internet-facing ICS, thiab tiv thaiv phishing, spam, thiab ransomware, txhawm rau txo qis thiab txo qhov cuam tshuam ntawm cov kev hem thawj no. "
Raws li tsab ntawv ceeb toom, ntau dua 70% ntawm qhov tsis zoo uas tau tshaj tawm los ntawm NVD tuaj yeem siv tau nyob deb, txhawb qhov tseeb tias tag nrho huab cua-gapped ICS tes hauj lwm uas yogcais tawm ntawm cyber hem thawjtau dhau los ua tsis tshua muaj tshwm sim.
Tsis tas li ntawd, qhov feem ntau muaj feem cuam tshuam yog kev ua txhaum cai hauv thaj chaw deb (RCE), muaj peev xwm nrog 49% ntawm qhov tsis zoo - cuam tshuam nws qhov tseem ceeb raws li qhov tseem ceeb hauv cheeb tsam hauv OT kev tshawb fawb kev ruaj ntseg hauv zej zog - ua raws li muaj peev xwm nyeem cov ntaub ntawv thov (41%). , ua rau tsis lees paub kev pabcuam (DoS) (39%), thiab hla kev tiv thaiv cov txheej txheem (37%).
Cov kev tshawb fawb pom tias qhov tseem ceeb ntawm kev siv tej thaj chaw deb tau ua rau muaj kev cuam tshuam loj heev los ntawm kev hloov pauv thoob ntiaj teb sai mus rau cov neeg ua haujlwm nyob deb nroog thiab nce kev cia siab rau cov chaw taws teeb rau ICS networks.los teb rau tus kab mob COVID-19.
Raws li tsab ntawv ceeb toom, lub zog, kev tsim khoom lag luam tseem ceeb, thiab cov dej thiab cov dej khib nyiab yog qhov cuam tshuam ntau tshaj plaws los ntawm qhov tsis zoo uas tau tshaj tawm hauv ICS-CERT cov lus qhia thaum lub sij hawm 1H 2020. Ntawm 385 qhov tsis zoo ntawm qhov tsis zoo thiab qhov tshwm sim (CVEs) suav nrog hauv cov lus qhia. , lub zog muaj 236, kev tsim khoom tseem ceeb muaj 197, thiab dej thiab dej khib nyiab muaj 171. Piv rau 1H 2019, cov dej thiab cov dej khib nyiab tau ntsib qhov loj tshaj plaws ntawm CVEs (122.1%), thaum tsim khoom tseem ceeb tau nce 87.3% thiab lub zog los ntawm 58.9%.
Claroty kev tshawb fawb tham tau tshawb pom 26 ICS qhov tsis zoo uas tau tshaj tawm thaum lub sijhawm 1H 2020, ua ntej qhov tseem ceeb lossis muaj kev pheej hmoo siab uas tuaj yeem cuam tshuam rau kev muaj, kev ntseeg siab, thiab kev nyab xeeb ntawm kev lag luam.Pab neeg no tau tsom mus rau ICS cov neeg muag khoom thiab cov khoom lag luam nrog ntau lub hauv paus nruab, lub luag haujlwm tseem ceeb hauv kev lag luam kev lag luam, thiab cov uas siv cov txheej txheem uas cov kws tshawb fawb Claroty muaj kev txawj ntse ntau.Tus kws tshawb fawb hais tias 26 qhov tsis zoo no tuaj yeem muaj kev cuam tshuam loj rau kev cuam tshuam OT tes hauj lwm, vim tias ntau dua 60% ua rau qee hom RCE.
Rau ntau tus neeg muag khoom cuam tshuam los ntawm Claroty qhov kev tshawb pom, qhov no yog lawv thawj zaug tshaj tawm qhov tsis zoo.Raws li qhov tshwm sim, lawv tau pib tsim cov pab pawg muaj kev ruaj ntseg thiab cov txheej txheem los daws qhov nce qhov tsis zoo ntawm kev tshawb pom vim muaj kev sib koom ua ke ntawm IT thiab OT.
Txhawm rau nkag mus rau tag nrho cov kev tshawb pom thiab kev txheeb xyuas qhov tob,download tauClaroty Biannual ICS Risk & Vulnerability Report: 1H 2020ntawm no.
Post lub sij hawm: Sep-07-2020
