Izinsongo zokufinyelela kude kumanethiwekhi ezimboni ziyakhuphuka ngesikhathi se-COVID-19: Bika

Ubungozi besistimu yokulawula izimboni (i-ICS) obusebenziseka kalula buyanda, njengoba ukuthembela ekufinyeleleni kude kumanethiwekhi ezimboni kukhuphuka ngesikhathi se-COVID-19, umbiko omusha wocwaningo ovela kuClaroty.

 

Ngaphezulu kwama-70% wobungozi besistimu yokulawula izimboni (i-ICS) adalulwe engxenyeni yokuqala (1H) ka-2020 bungaxhashazwa ukude, kugqanyiswe ukubaluleka kokuvikela amadivayisi e-ICS abheke ku-inthanethi nokuxhumana okukude, ngokusho kokwethulwa.Umbiko we-Biannual ICS wobungcuphe nokuba sengcupheni, ekhishwe kuleli sonto nguI-Claroty, uchwepheshe womhlaba wonke kuukuphepha kobuchwepheshe bokusebenza (OT).

Lo mbiko uhlanganisa ukuhlola kwethimba le-Claroty locwaningo lokuba sengozini kwe-365 ICS okushicilelwe yi-National Vulnerability Database (NVD) kanye nezeluleko ezingu-139 ICS ezikhishwe yi-Industrial Control Systems Cyber ​​Emergency Response Team (ICS-CERT) phakathi no-1H 2020, okuthinta abathengisi abangu-53.Ithimba labacwaningi be-Claroty lithole okungu-26 kobungozi obufakwe kule sethi yedatha.

Ngokombiko omusha, uma kuqhathaniswa no-1H 2019, ubungozi be-ICS obushicilelwe yi-NVD bukhuphuke ngo-10.3% busuka ku-331, kuyilapho izeluleko ze-ICS-CERT zikhuphuke ngo-32.4% zisuka ku-105. Ngaphezulu kuka-75% wokuba sengozini kunikezwe Amaphuzu Avamile Wokungcupheni aphezulu noma abucayi. Izikolo zesistimu (CVSS).

"Kukhona ukuqwashisa okuphezulu ngezingozi ezibangelwa ukukhubazeka kwe-ICS kanye nokugxila okubukhali phakathi kwabacwaningi nabathengisi ukuze bakhombe futhi balungise lobu buthakathaka ngendlela ephumelelayo nangempumelelo ngangokunokwenzeka," kusho u-Amir Preminger, i-VP yocwaningo e-Claroty.

Wengeze wathi, “Sisibonile isidingo esibalulekile sokuqonda, ukuhlola, kanye nokubika ngengozi ebanzi ye-ICS kanye nesimo sobungozi ukuze kuzuze wonke umphakathi wezokuphepha we-OT.Esikutholile kukhombisa ukuthi kubaluleke kangakanani ukuthi izinhlangano zivikele ukuxhumana nokufinyelela kude namadivayisi e-ICS abhekene ne-inthanethi, futhi zivikele ebugebengwini bokweba imininingwane ebucayi, ogaxekile, kanye ne-ransomware, ukuze kuncishiswe futhi kuncishiswe imithelela engaba khona yalezi zinsongo.”

Ngokombiko, ngaphezu kuka-70% wobungozi obushicilelwe yi-NVD bungaxhashazwa ukude, okuqinisa iqiniso lokuthi amanethiwekhi e-ICS anegebe eliphelele lomoya.ukuhlukanisiwe nezinsongo ze-cybersekuyinsakavukela umchilo wesidwaba.

Ukwengeza, umthelela ovame kakhulu okungenzeka kube ukukhishwa kwekhodi okude (RCE), okungenzeka ngo-49% wobungozi - okubonisa ukuvelela kwayo njengendawo ehamba phambili yokugxila ngaphakathi komphakathi wocwaningo lwezokuphepha lwe-OT - okulandelwa ikhono lokufunda idatha yohlelo lokusebenza (41%). , kubangela ukunqatshelwa kwesevisi (DoS) (39%), kanye nezindlela zokuvikela zokudlula (37%).

Ucwaningo luthola ukuvelela kokuxhashazwa kude kubhebhethekiswe ukushintsha okusheshayo emhlabeni wonke kubasebenzi abakude kanye nokwethembela okwengeziwe ekufinyeleleni ukude kumanethiwekhi e-ICS.ekuphenduleni ubhubhane lwe-COVID-19.

Ngokombiko, imikhakha yengqalasizinda yamandla, ukukhiqiza okubalulekile, kanye namanzi kanye namanzi angcolile yiyona ethinteke kakhulu ekubeni sengozini okushicilelwe ngezeluleko ze-ICS-CERT phakathi no-1H 2020. Kuma-CVEs (ama-CVE) ayingqayizivele angu-385 afakiwe ezelulekweni. , amandla abe nama-236, ukukhiqizwa okubalulekile kwaba ne-197, kanti amanzi namanzi angcolile abe na-171. Uma kuqhathaniswa no-1H 2019, amanzi kanye namanzi angcolile ahlangabezane nokwanda okukhulu kwama-CVEs (122.1%), kuyilapho ukukhiqizwa okubalulekile kukhuphuke ngo-87.3% kanye namandla ngo-58.9%.

Ucwaningo lwe-Claroty lwathola ubungozi obungu-26 be-ICS obudalulwa phakathi no-1H 2020, lubeka phambili ubungozi obubalulekile noma obunobungozi obungathinta ukutholakala, ukwethembeka, nokuphepha kwemisebenzi yezimboni.Ithimba ligxile kubathengisi be-ICS kanye nemikhiqizo enezisekelo ezinkulu zokufaka, izindima ezibalulekile ekusebenzeni kwezimboni, kanye naleyo esebenzisa izivumelwano lapho abacwaningi be-Claroty benobuchwepheshe obukhulu khona.Umcwaningi uthi lobu buthakathaka obungama-26 bungaba nomthelela omubi kumanethiwekhi e-OT athintekile, ngoba ngaphezu kuka-60% kunika amandla uhlobo oluthile lwe-RCE.

Kubathengisi abaningi abathintwe ukutholwa kuka-Claroty, lokhu bekuwukuba sengozini kwabo kokuqala okubikiwe.Ngenxa yalokho, baqhubeke nokwakha amaqembu okuvikela azinikele nezinqubo zokubhekana nokutholwa kobungozi okwandayo ngenxa yokuhlangana kwe-IT ne-OT.

Ukuze ufinyelele isethi ephelele yokutholiwe kanye nokuhlaziywa okujulile,download iI-Claroty Biannual ICS Umbiko Wobungozi nokuba sengozini: 1H 2020lapha.

 


Isikhathi sokuthumela: Sep-07-2020