Cisco eliminated two dangerous vulnerabilities affecting the update feature in the Cisco Industrial Network Director…
This information is provided in the CyberX 2020 Global IoT/ICS Risk Report, based on data collected from more than 1800 networks around the world from October 2018 to October 2019.
“Based on data collected in the past 12 months from 1,821 production IoT/ICS networks — across a diverse mix of industries worldwide — the analysis was performed using passive, agentless monitoring with patented deep packet inspection (DPI) and Network Traffic Analysis (NTA)”, — tell about their job CyberX specialists.
The data shows that IoT/ICS environments continue to be soft targets for adversaries, with security gaps in key areas such as:
Using outdated versions of Windows puts companies at serious risk, because attackers can hack systems using vulnerabilities, information and PoC codes, which are often shared. Even if Microsoft releases patches for dangerous vulnerabilities, as was in the case of Bluekeep, not all enterprises will be able to apply patches in industrial systems.
Read also: Attackers gained access to the NordVPN servers back in 2018
Researchers found suspicious activity in 22% of the monitored networks. Suspicious actions include scanning, incorrect HTTP headers, known malware, and excessive connections between devices. More than half of the networks used devices that could be accessed remotely through an RDP, SSH connection, or VNC. In 27% of cases, devices were accessible from the Internet.
In 64% of cases, unencrypted passwords were used in enterprise networks, making it easy for attackers to intercept them.
“Complicating the situation is the fact that passwords are rare, and sometimes never change at all in IoT and industrial automation environments”, – say CyberX researchers.
According to experts, in 66% of cases, automatic updating of software for security was disabled.
News-xdetake.cc is a domain that tries to force you into clik to its browser notifications…
News-bbufiya.today is a domain that tries to force you into subscribing to its browser notifications…
News-xyixice.store is a site that tries to force you into clik to its browser notifications…
News-xlepege.today is a site that tries to force you into subscribing to its browser notifications…
News-bpudepi.today is a domain that tries to trick you into subscribing to its browser notifications…
Doguhtam.xyz is a site that tries to trick you into subscribing to its browser notifications…