Newly released ‘Year in Review’ reports provide the ICS community with lessons learned from 2018
Dragos Inc has released its annual industrial controls system (ICS) 2018 Year in Review reports today. Consisting of three reports – the Industrial Controls System Vulnerabilities Report, ICS Activity Groups and the Threat Landscape Report and the Lessons Learned from Hunting and Responding to Industrial Intrusions Report – provide important metrics and findings tracking ICS adversaries, identifying vulnerabilities and threats and performing assessments, threat hunts, and incident response in industrial environments.
- Industrial controls system vulnerabilities report: Providing analysis of the ICS-specific vulnerabilities from 2018 and the impacts, risks, and mitigation options. The company tracked 204 public vulnerability advisories with an impact on ICS. 68% of advisories covered network-exploitable vulnerabilities, yet only 28% of these network-exploitable advisories provided mitigation advice sufficient to take effective action.
- ICS activity groups and the threat landscape report: Gives insights into threat activity groups actively targeting industrial organisations, providing details of their activity, methodology, victimology, and future concerns. The team has tracked three new ICS activity groups since 2017 and identified a growing trend of adversaries using open source or commercially-available penetration testing tools to pivot from IT networks to ICS networks.
- Lessons learned from hunting and responding to industrial intrusions report: The threat operations centre (TOC) provides a synopsis of lessons learned while proactively hunting for adversaries in industrial environments and responding to intrusions. In 2018, 37% of Dragos’ incident response engagements involved an initial vector dating over 365 days, while all other engagements were either inconclusive or detected and contained by facility teams and Dragos as they occurred.
The Year in Review reports can be found here: https://dragos.com/year-in-review/.