Report
Team82’s analysis of the riskiest operational technology (OT) exposures putting critical infrastructure organizations in the crosshairs of adversaries.
Advanced adversaries have ramped up cyberattacks targeting operational technology. APTs such as Volt Typhoon, Sandworm, and the CyberAv3ngers are using purpose-built malicious tools to disrupt or modify processes managed by industrial control systems (ICS), and they represent the greatest threats to public safety and to national and economic security.
In this report, Claroty’s research group, Team82, lays out the greatest risks associated with OT and ICS beyond merely assessing the criticality of a vulnerability. By exploring exposures such as whether devices contain known exploited vulnerabilities—including those linked to active ransomware campaigns—and whether those devices are insecurely connected to the internet, security leaders have a road map for prioritizing mitigations and remediations at a reduced cost.
What follows is a sample of the report and Team82's findings.
The data collected for this report spans a number of industries under the umbrellas of manufacturing, natural resources, and logistics and transportation.
940,000+ OT devices analyzed
270 organizations
Some of those industries include:
Food & Beverage
Pharma
Automotive
Oil & Gas
Mining
Chemical
Aviation
Rail
Maritime/Ports
Team82 analyzed close to one million OT devices within 270 organizations.
Of the close to one million OT devices analyzed, Claroty Team82 found that:
12% of devices contain KEVs; 40% of the organizations analyzed have these assets insecurely connected to the internet.
7% of devices are exposed with KEVs that have been linked to known ransomware samples and actors; 31% of the organizations analyzed have these assets insecurely connected to the internet.
We found that more than 12% of industrial organizations in the research had OT assets communicating with malicious domains, demonstrating that the risk to these assets is not theoretical.
The riskiest OT exposures cannot be measured in critical CVEs alone. Doing so would place an undue burden on asset owners and operators trying to boil an ocean of unpatched vulnerabilities; fixing them at any kind of scale would impose a tremendous drain on human and monetary resources.
We instead break those exposures down into smaller subsets of vulnerable devices, allowing leaders to remediate first the highest-risk devices, where the threat of exploitation is greatest.
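As an added example (not code from Team82 or the report), the following Python sketches the subset-based prioritization described above over a constructed inventory: a device is ranked by the intersection of its exposures (KEV presence, ransomware-linked KEV, insecure internet connectivity, observed communication with a malicious domain) rather than by raw CVE count, and the headline percentages are recomputed the way the report cuts them. The tier thresholds, the placeholder CVE identifiers and the sample devices are this example's own assumptions.

```python
from dataclasses import dataclass

# Constructed reference sets (placeholder IDs, not real CVE entries): known exploited
# vulnerabilities, and the subset of KEVs that have been linked to ransomware campaigns.
KEV = {"CVE-EXAMPLE-0001", "CVE-EXAMPLE-0002", "CVE-EXAMPLE-0003"}
RANSOMWARE_KEV = {"CVE-EXAMPLE-0002"}

@dataclass
class OTDevice:
    asset_id: str
    org: str
    cves: set
    insecure_internet: bool       # reachable from the internet without a broker/VPN/MFA
    malicious_domain_comms: bool  # observed talking to a known-bad domain

def exposure_tier(dev: OTDevice) -> int:
    """Rank a device by the intersection of its exposures, not by CVE count.
    1 = act now, 4 = routine hygiene (the tiering itself is an assumption here)."""
    has_kev = bool(dev.cves & KEV)
    has_ransomware_kev = bool(dev.cves & RANSOMWARE_KEV)
    if dev.malicious_domain_comms or (has_ransomware_kev and dev.insecure_internet):
        return 1
    if has_kev and dev.insecure_internet:
        return 2
    if has_kev or dev.insecure_internet:
        return 3
    return 4

def summarize(devices):
    """Reproduce the report's headline cuts (percentages) over an inventory."""
    orgs = {d.org for d in devices}
    pct = lambda part, whole: round(100 * len(part) / len(whole), 1)
    kev = [d for d in devices if d.cves & KEV]
    rw = [d for d in devices if d.cves & RANSOMWARE_KEV]
    return {
        "devices_with_kev": pct(kev, devices),
        "orgs_kev_insecure": pct({d.org for d in kev if d.insecure_internet}, orgs),
        "devices_with_ransomware_kev": pct(rw, devices),
        "orgs_ransomware_kev_insecure": pct({d.org for d in rw if d.insecure_internet}, orgs),
        "orgs_malicious_comms": pct({d.org for d in devices if d.malicious_domain_comms}, orgs),
    }

# Constructed sample inventory: three organizations, six devices.
INVENTORY = [
    OTDevice("plc-01", "org-a", {"CVE-EXAMPLE-0001"}, True, False),
    OTDevice("hmi-02", "org-a", {"CVE-EXAMPLE-0002"}, True, True),
    OTDevice("rtu-03", "org-b", {"CVE-EXAMPLE-0002"}, False, False),
    OTDevice("plc-04", "org-b", {"CVE-EXAMPLE-0009"}, True, False),
    OTDevice("eng-05", "org-c", set(), False, False),
    OTDevice("hist-06", "org-c", {"CVE-EXAMPLE-0003"}, False, False),
]
```

Sorting the inventory by `exposure_tier` yields the remediation order; `summarize` gives the organization-level and device-level cuts used in the report.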