Microsoft Has Reportedly Found Tons of IoT and Industrial Cyber Flaws

Microsoft has reportedly found tons of IoT and industrial cyber flaws as the company warns that a host of industrial controllers are currently at the risk from cyberattacks.

Microsoft Has Reportedly Found Tons of IoT and Industrial Cyber Flaws

Microsoft Has Reportedly Found Tons of IoT and Industrial Cyber Flaws

Microsoft has now identified a large number of IoT security problems, finding unpatched, high-severity vulnerabilities in 75% of the most common industrial controllers in customer operational technology (OT) networks.

The research of the tech giant also found 72% of the software exploits used by what is termed by Microsoft as “Incontroller” are now available online.

“Incontroller” is what the Infrastructure Security Agency (CISA) and Cybersecurity describes as a “novel set of state-sponsored, industrial control system (ICS) oriented cyberattack tools”

41.6 Billion Connected To IoT Devices by 2025

Microsoft cited recent IDC figures that estimate that there will be 41.6 billion connected to IoT devices by the year 2025. This is a growth that is much higher than that of traditional IT equipment.

The company however claims that the development of IoT device security has not kept pace with that of other IT systems, and that threat actors are now exploiting these devices.

Microsoft pointed out Russia’s cyberattacks against Ukraine as well as other nation-state-sponsored cybercriminal activity, citing that these demonstrated that “some nation-states view cyberattacks against critical infrastructure as desirable for achieving military and economic objectives”.

The Effects of These Types of Industrial IoT Attacks

You really do not have to look very far to see the instances of these types of industrial IoT attacks causing havoc on all parties involved. Back in May 2021, the Colonial Pipeline ransomware attack disrupted the supply of natural gas in as much as the Southern US, thus causing a widespread rise in prices.

What Microsoft Is Doing To Salvage the Issues?

Microsoft in trying to mitigate these types of risks recommends that customers work with stakeholders in mapping out business-critical assets in IT and OT environments, as well as working to identify what IoT and OT devices are critical assets by themselves and also which are associated with other critical assets.

The tech company also recommends that organizations perform a risk analysis on critical assets, thus focusing on the business impact of different attack scenarios.


Please enter your comment!
Please enter your name here