
Microsoft has identified numerous IoT security issues, with unpatched high-severity vulnerabilities found in 75% of the most common industrial controllers in customers’ operational technology (OT) networks.
The tech giant’s research also found that 72 percent of software exploits, which Microsoft dubs “Incontrollers,” are now available online.
“Incontroller” is what the Cybersecurity and Infrastructure Security Agency (CISA) describes as “a new set of state-sponsored cyber attack tools targeting industrial control systems (ICS).
What is the true scale of the problem?
Citing recent IDC data, Microsoft estimates that there will be 41.6 billion connected IoT devices by 2025, a much higher growth rate than traditional IT equipment.
However, it claims that developments in IoT and OT device security have not kept pace with other IT systems and that threat actors are exploiting these devices.
Microsoft pointed to Russia’s cyberattacks on Ukraine, as well as other nation-state-backed cybercriminal activity, saying they showed that “some nation-states consider cyberattacks on critical infrastructure ideal to achieve military and economic objectives.”
You certainly don’t have to look far to see examples of these types of IIoT attacks wreaking havoc on all involved.
In May 2021, the Colonial Pipeline ransomware attack disrupted natural gas supplies across much of the southern United States, causing widespread price increases.
To mitigate these types of risks, Microsoft recommends that customers work with stakeholders to map business-critical assets within the IT and OT environment and work to determine which IoT and OT devices are critical assets in their own right and which are linked to other critical assets.
Microsoft also recommends that organizations conduct risk analysis on key assets, focusing on the impact of different attack scenarios on the business.
- Interested in protecting your organization from cyber threats?Check out our guide to the best firewalls