Microsoft has found a whole load of IoT and industrial cyber flaws

Majority of industrial controllers are at risk from cyberattack, Microsoft warns

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Microsofthas identified a huge number of IoT security issues, finding unpatched, high-severity vulnerabilities in 75% of the most common industrial controllers in customer operational technology (OT) networks.

The tech giant’s research also found that 72% of the software exploits utilized by what Microsoft terms “Incontroller” are now available online.

“Incontroller” is what the Cybersecurity and Infrastructure Security Agency (CISA) describes as a “novel set of state-sponsored, industrial control system (ICS) oriented cyberattack tools”.

What is true scale of the issue?

Microsoft cited recent IDC figures that estimate there will be 41.6 billion connected IoT devices by 2025, a growth rate much higher than that of traditional IT equipment.

However, it claims that the development of IoT and OT device security has not kept pace with that of other IT systems, and threat actors are exploiting these devices.Microsoft pointed towards Russia’s cyberattacks against Ukraine, as well as other nation-state-sponsored cybercriminal activity, saying these demonstrate that “some nation-states view cyberattacks against critical infrastructure as desirable for achieving military and economic objectives”.

You certainly do not have to look far to see examples of these types of industrial IoT attacks wreaking havoc on all involved.

In May 2021, the Colonial Pipeline ransomware attackdisrupted the supply of natural gas in much of the Southern US, causing widespread price rises.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Industrial cyberattacks are hitting nearly all IoT companies>Millions of IoT devices and routers could have a mega security flaw>Our guide to the best malware removal

To mitigate these types of risks, Microsoft recommends customers work with stakeholders to map business-critical assets, in IT and OT environments, as well as work to identify what IoT and OT devices are critical assets by themselves, and which are associated with other critical assets.

Microsoft also recommends that organizations perform a risk analysis on critical assets, focusing on the business impact of different attack scenarios.

Will McCurdy has been writing about technology for over five years. He has a wide range of specialities including cybersecurity, fintech, cryptocurrencies, blockchain, cloud computing, payments, artificial intelligence, retail technology, and venture capital investment. He has previously written for AltFi, FStech, Retail Systems, and National Technology News and is an experienced podcast and webinar host, as well as an avid long-form feature writer.

7 myths about email security everyone should stop believing

Best Usenet client of 2024

Arcane season 2 confirms the hit series isn’t just one of the best Netflix shows ever made – it’s an animated legend that’ll stand the test of time