>
Microsoft has identified a large number of IoT security vulnerabilities and found unpatched, highly severe vulnerabilities in 75% of the most common industrial controllers in customer operational technology (OT) networks.
The tech giant’s research also found that 72% of software exploits used by what Microsoft calls “Incontroller” are now available online.
“Incontroller” is what the Cybersecurity and Infrastructure Security Agency (CISA) describes as a “new set of state-sponsored, industrial control systems (ICS) oriented cyber-attack tools.”
What is the real size of the problem?
Microsoft quoted recent IDC figures that estimate there will be 41.6 billion connected IoT devices by 2025, a growth rate that far exceeds that of traditional IT equipment.
However, it claims that the security development of IoT and OT devices has not kept pace with that of other IT systems and that threat actors are exploiting these devices.
Microsoft pointed to the Russian cyber-attacks on Ukraine, as well as other nation-state-sponsored cybercriminal activities, saying they demonstrate that “some nation-states consider cyber-attacks against critical infrastructure desirable for the achievement of military and economic objectives.”
You certainly don’t have to look far to see examples of these kinds of industrial IoT attacks wreaking havoc on everyone involved.
In May 2021, the Colonial Pipeline ransomware attack disrupted the supply of natural gas across much of the southern US, leading to widespread price increases.
To mitigate these types of risks, Microsoft recommends that customers work with stakeholders to map mission-critical assets in IT and OT environments, and identify which IoT and OT devices are themselves critical assets and which are linked to other critical resources.
Microsoft also recommends that organizations perform a risk assessment on critical assets, focusing on the business impact of various attack scenarios.
- Do you want to protect your organization against cyber threats? Check out our guide to the best firewalls