Team82 Releases its State of XIoT Security Report: 2H 2022
February 16, 2023
New York. Claroty’s Team82 released findings showing a 14% decline in disclosed cyber-physical system vulnerabilities from 2H 2021 to 2H 2022, in its State of XIoT Security Report: 2H 2022. However, the research team also found an 80% increase in vulnerabilities found by product security teams over the same period. Claroty describes these disclosures as having a positive effect on the security of the Extended Internet of Things (XIoT) in environments across a vast array of industry applications, such as industrial, healthcare, and commercial.
The study analyzes the impact of vulnerabilities affecting XIoT ecosystems in operational technology and industrial control systems (OT/ICS), Internet of Medical Things (IoMT), building management systems, and enterprise IoT. "The purpose of Team82's research and compiling this report is to give decision makers in these critical sectors the information they need to properly assess, prioritize, and address risks to their connected environments, so it is very heartening that we are beginning to see the fruits of vendors' and researchers' labor in the steadily growing number of disclosures sourced by internal teams," said Amir Preminger, VP research at Claroty.
The statistics have been correlated by Team82 and reliable partners including the National Vulnerability Database (NVD), the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), [email protected], MITRE, and industrial automation vendors Schneider Electric and Siemens.
Key findings, according to Team82 and its collaborators, are:
- Affected Devices: 62% of published OT vulnerabilities affect devices at Level 3 of the Purdue Model for ICS. These devices manage production workflows and can be key crossover points between IT and OT networks, which makes them very attractive to threat actors aiming to disrupt industrial operations.
- Severity: 71% of vulnerabilities were assessed a CVSS v3 score of "critical" (9.0-10) or "high" (7.0-8.9), reflecting security researchers' tendency to focus on identifying vulnerabilities with the greatest potential impact in order to maximize harm reduction. Additionally, four of the top five Common Weakness Enumerations (CWEs) in the dataset are also in the top five of MITRE's 2022 CWE Top 25 Most Dangerous Software Weaknesses, which can be relatively simple to exploit and enable adversaries to disrupt system availability and service delivery.
- Attack Vector: 63% of vulnerabilities are remotely exploitable over the network, meaning a threat actor does not require local, adjacent, or physical access to the affected device in order to exploit the vulnerability.
- Impacts: The leading potential impact is unauthorized remote code or command execution (prevalent in 54% of vulnerabilities), followed by denial-of-service conditions (crash, exit, or restart) at 43%.
- Mitigations: The top mitigation step is network segmentation (recommended in 29% of vulnerability disclosures), followed by secure remote access (26%) and ransomware, phishing, and spam protection (22%).
- Team82 Contributions: Team82 has maintained a prolific, years-long leadership position in OT vulnerability research with 65 vulnerability disclosures in 2H 2022, 30 of which were assessed a CVSS v3 score of 9.5 or higher, and over 400 vulnerabilities to date.
To access Team82's findings, download the full State of XIoT Security Report: 2H 2022.
Join the Team82 Slack channel for additional discussion and insight into the report.
To find out more about Claroty, visit claroty.com.