Severe spike in disclosing ICS vulnerabilities

Claroty’s Team82 researchers report a 41% increase in 1H 2021 in disclosures of security vulnerabilities in Industrial Control Systems (ICS), compared to the previous six months. This increase is considered significant, mainly because in all of 2020 disclosures increased by only 25% from 2019. In total, 637 vulnerabilities were disclosed; 90% of them are classified as low attack complexity, meaning they do not require special conditions and an attacker can expect repeatable success every time. Even more acute is the potential damage: 71% of the disclosed vulnerabilities are classified as high or critical severity, reflecting the risk to operations.

Claroty is an industrial cybersecurity company founded in 2015 by a group of Unit 8200 graduates. To date, it has raised about $235 million and currently employs more than 200 people worldwide, most of them at the Tel Aviv R&D center. Among its strategic investors are leading ICS manufacturers such as Rockwell Automation, Siemens and Schneider Electric. Claroty’s Team82 remains the market leader in ICS vulnerability research, having disclosed 70 vulnerabilities in 1H 2021.

In May 2021, Claroty reported that it had found a severe memory protection bypass vulnerability in Siemens controllers, the SIMATIC S7-1200 and S7-1500, which are widely used in industry. This vulnerability allows attackers to install undetected malicious code into the controller’s operating system, providing them higher capabilities than Stuxnet, the worm that was responsible for destroying part of Iran’s nuclear centrifuges. The disclosed vulnerability allows attackers to install a worm or a virus in the controller that disrupts its function by producing false reports, presenting an allegedly “normal” status.