A WhiteHat Security study showed that the utility sector's window of exposure to exploited application vulnerabilities rose from 55% two months ago to 67% last month, indicating worsening active exploit risks among utilities, reports Threatpost
"Application specific attacks are equally prevalent, if not more likely, than ransomware (Colonial Pipeline is fresh in our minds). Application weakness is an easy backdoor for the installation of ransomware, especially given the high-impact nature of the ransomware in utilities," said the report.
Several factors are behind the increasing vulnerability exposure of utility networks, including the transition of legacy systems to internet-facing applications and the growing practice of connecting internet of things systems and operational technology to backend operations, according to Setu Kulkarni, WhiteHat's vice president of strategy.
"OT/IoT systems themselves are not well-secured and at the same time the legacy transactional systems were not designed to meet the scale and security needs of this hyper-proliferation of OT/IoT devices," said Kulkarni.