Microsoft has found a whole load of IoT and industrial cyber flaws


Microsoft has identified a huge number of IoT security issues, finding unpatched, high-severity vulnerabilities in 75% of the most common industrial controllers in customer operational technology (OT) networks.

The tech giant's research also found that 72% of the software exploits utilized by what Microsoft terms “Incontroller” are now available online. 

"Incontroller" is what the Cybersecurity and Infrastructure Security Agency (CISA) describes as a "novel set of state-sponsored, industrial control system (ICS) oriented cyberattack tools".

What is the true scale of the issue?

Microsoft cited recent IDC figures that estimate there will be 41.6 billion connected IoT devices by 2025, a growth rate much higher than that of traditional IT equipment.

However, it claims that the development of IoT and OT device security has not kept pace with that of other IT systems, and threat actors are exploiting these devices.

Microsoft pointed towards Russia’s cyberattacks against Ukraine, as well as other nation-state-sponsored cybercriminal activity, saying these demonstrate that "some nation-states view cyberattacks against critical infrastructure as desirable for achieving military and economic objectives".

You certainly do not have to look far to see examples of these types of industrial IoT attacks wreaking havoc on all involved.

In May 2021, the Colonial Pipeline ransomware attack disrupted the supply of natural gas in much of the Southern US, causing widespread price rises.

To mitigate these types of risks, Microsoft recommends that customers work with stakeholders to map business-critical assets in both IT and OT environments, and identify which IoT and OT devices are critical assets in themselves and which are associated with other critical assets.

Microsoft also recommends that organizations perform a risk analysis on critical assets, focusing on the business impact of different attack scenarios.


Will McCurdy has been writing about technology for over five years. He has a wide range of specialities including cybersecurity, fintech, cryptocurrencies, blockchain, cloud computing, payments, artificial intelligence, retail technology, and venture capital investment. He has previously written for AltFi, FStech, Retail Systems, and National Technology News and is an experienced podcast and webinar host, as well as an avid long-form feature writer.
