Report: 120% Increase in OT-Specific Vulnerabilities in 2017
Ami Rojkes Dombe
| 19/04/2018
Image: Bigstock
"During 2017, almost 200 new OT-specific vulnerabilities were published, affecting Siemens products, Schneider Electric, Moxa, Rockwell, and other vendors. This figure represents a 120 percent increase over that of 2016," according to a recent report published by Skybox Security.
"Additionally, about 30 percent of OT-specific vulnerabilities do not have a CVE identification, making many traditional scanning solutions ineffective (scanning is also largely prohibited due to potential disruptions).
"Looking at vulnerabilities exploited in the wild by the date on which they were reported, a trend is emerging: vulnerabilities affecting client-side applications are declining as those impacting server-side applications are increasing.
"According to our findings, there were 49 newly exploited vulnerabilities in all of 2016. Client-side vulnerabilities accounted for 41 percent of those exploits while 59 percent were server-side vulnerabilities. Many of the client-side vulnerabilities were embedded in the popular exploit kits. During 2017, of the 55 new vulnerabilities exploited, only 24 percent were client-side vulnerabilities and 76 percent were server-side…
"During 2017, the number of exploit samples published per month increased at an average of 60 percent, from an average in 2016 of 121 exploit samples per month to 194.
"The most significant threat trend in 2017 was the leaking of exploit tools from nation-state actors to mainstream attackers and targeting victims not usually of nation-state interest.
Image: Bigstock
"During 2017, almost 200 new OT-specific vulnerabilities were published, affecting Siemens products, Schneider Electric, Moxa, Rockwell, and other vendors. This figure represents a 120 percent increase over that of 2016," according to a recent report published by Skybox Security.
"Additionally, about 30 percent of OT-specific vulnerabilities do not have a CVE identification, making many traditional scanning solutions ineffective (scanning is also largely prohibited due to potential disruptions).
"Looking at vulnerabilities exploited in the wild by the date on which they were reported, a trend is emerging: vulnerabilities affecting client-side applications are declining as those impacting server-side applications are increasing.
"According to our findings, there were 49 newly exploited vulnerabilities in all of 2016. Client-side vulnerabilities accounted for 41 percent of those exploits while 59 percent were server-side vulnerabilities. Many of the client-side vulnerabilities were embedded in the popular exploit kits. During 2017, of the 55 new vulnerabilities exploited, only 24 percent were client-side vulnerabilities and 76 percent were server-side…
"During 2017, the number of exploit samples published per month increased at an average of 60 percent, from an average in 2016 of 121 exploit samples per month to 194.
"The most significant threat trend in 2017 was the leaking of exploit tools from nation-state actors to mainstream attackers and targeting victims not usually of nation-state interest.
