Microsoft’s Cyber Signals report highlights a rise in cyber risks to critical infrastructure
Microsoft’s Cyber Signals report reveals an uptick in cyber threats to critical infrastructure, emphasizing risks posed by various technologies. Specific concerns include unpatched vulnerabilities in industrial controllers, numerous publicly visible devices using outdated software, and a significant rise in high-severity vulnerabilities in industrial control equipment by major vendors.
The third edition of Cyber Signals, a yearly report which highlights security trends and insights from Microsoft’s 8,500 security experts and 43 trillion daily security signals, was recently launched. In this edition, experts present new information on broader threats to critical infrastructure posed by converging information technologies, the Internet of Things (IoT), and operational technology (OT) systems.
Some of the report’s highlights include:
- Unpatched, high-security vulnerabilities identified in 75% of the most common industrial controllers in customer OT networks.
- Over one million connected devices publicly visible on the internet running Boa, an outdated and unsupported software widely used in IoT devices and software development kits.
- An 78% increase in disclosures of high-severity vulnerabilities from 2020 to 2022 in industrial control equipment produced by popular vendors.