For CISOs tasked with safeguarding industrial networks, understanding IT security professionals' attitudes, perceptions, and concerns regarding operational technology (OT) is crucial to forging an effective path forward. Our latest research report offers a global perspective on the state of industrial cybersecurity based on an independent survey of 1,000 full-time IT security professionals across the United States, United Kingdom, Germany, France, and Australia.
Our research gleaned insight into the following areas, which are broken down in-depth in our Global State of Industrial Cybersecurity report:
The survey illuminated a notable lack of confidence in the status quo of OT safeguards among IT security professionals in the U.S. relative to other countries. For instance, 51% of industry practitioners in the U.S. believe today's industrial networks are not properly safeguarded, compared to just 4% of their German counterparts.
Worldwide, a clear majority (74%) of respondents in all regions characterized cyberattacks on critical infrastructure as having greater potential to inflict damage than an enterprise data breach.
Respondents identified hacking (43%), ransomware (33%), and sabotage (9%) as the most prevalent attacks against industrial networks. The survey also indicated consensus characterizing electric power (45%) as the sector most vulnerable to cyber attacks on critical infrastructure, followed by the oil and gas (22%), chemical (12%), and transportation (12%) sectors.
Despite a clear consensus (80%) that IT security teams are responsible for protecting an organization's industrial networks, a significant portion of respondents (25% globally, 34% in the U.S.) had not been trained on the differences between IT and OT networks. 93% of respondents said OT-focused cybersecurity should be incorporated into the education and training of IT security professionals.
In addition to identifying key areas for CISOs to focus their efforts, our Global State of Industrial Cybersecurity report offers an actionable roadmap for closing the decades-old cybersecurity gap between IT and OT through increased awareness and education, reduced complexity, simplified governance, and IT–OT alignment.
To learn more, download the report.
CWE-547 USE OF HARD-CODED, SECURITY-RELEVANT CONSTANTS:
Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool version 3.1.2rc11 are vulnerable to an attacker impersonating the web application service and mislead victim clients.
Optigo Networks recommends users to upgrade to the following:
CVSS v3: 7.5
CWE-288 AUTHENTICATION BYPASS USING AN ALTERNATE PATH OR CHANNEL:
Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool version 3.1.2rc11 contain an exposed web management service that could allow an attacker to bypass authentication measures and gain controls over utilities within the products.
Optigo Networks recommends users to upgrade to the following:
CVSS v3: 9.8
CWE-547 USE OF HARD-CODED, SECURITY-RELEVANT CONSTANTS:
Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool version 3.1.2rc11 contain a hard coded secret key. This could allow an attacker to generate valid JWT (JSON Web Token) sessions.
Optigo Networks recommends users to upgrade to the following:
CVSS v3: 7.5
CWE-912 HIDDEN FUNCTIONALITY:
The "update" binary in the firmware of the affected product sends attempts to mount to a hard-coded, routable IP address, bypassing existing device network settings to do so. The function triggers if the 'C' button is pressed at a specific time during the boot process. If an attacker is able to control or impersonate this IP address, they could upload and overwrite files on the device.
Per FDA recommendation, CISA recommends users remove any Contec CMS8000 devices from their networks.
If asset owners cannot remove the devices from their networks, users should block 202.114.4.0/24 from their networks, or block 202.114.4.119 and 202.114.4.120.
Please note that this device may be re-labeled and sold by resellers.
Read more here: Do the CONTEC CMS8000 Patient Monitors Contain a Chinese Backdoor? The Reality is More Complicated….
CVSS v3: 7.5
CWE-295 IMPROPER CERTIFICATE VALIDATION:
The affected product is vulnerable due to failure of the update mechanism to verify the update server's certificate which could allow an attacker to alter network traffic and carry out a machine-in-the-middle attack (MITM). An attacker could modify the server's response and deliver a malicious update to the user.
Medixant recommends users download the v2025.1 or later version of their software.
CVSS v3: 5.7
