Report: 88% increase in OT vulnerabilities last year


We’re excited to bring Transform 2022 back in person on July 19 and pretty much July 20-28. Join AI and data leaders for insightful conversations and exciting networking opportunities. Register today!

A new report from Skybox Research Lab revealed that 20,175 new vulnerabilities were published in 2021, the most vulnerabilities ever reported in a single year. And these new vulnerabilities are just the tip of the iceberg. The total number of vulnerabilities published in the past 10 years reached 166,938 in 2021 – a threefold increase in ten years. The report provides a deeper understanding of how quickly cybercriminals take advantage of new security vulnerabilities, reducing organizations’ time to fix vulnerabilities before an attack.

Operations technology (OT) vulnerabilities increased by 88%, which are used to attack critical infrastructure and expose vital systems to potentially devastating breaches. OT systems support energy, water, transportation, environmental control systems and other essential equipment. Attacks on these vital assets can cause serious economic damage and even endanger public health and safety.

When new vulnerabilities emerged in 2021, threat actors wasted no time exploiting them. 168 vulnerabilities published in 2021 were promptly exploited in the wild within 12 months – 24% more than the number of vulnerabilities published in 2020 and subsequently exploited. In other words, threat actors and malware developers are getting better at weaponizing recent vulnerabilities.

New cryptojacking programs targeting known vulnerabilities were up 75% year over year along with the 42% increase in ransomware. Both cases illustrate how the malware industry is getting better at taking advantage of new business opportunities, providing a range of tools and services used by both seasoned cybercriminals and inexperienced newcomers.

The report paints a vivid picture of the new reality facing CISOs and their teams. The findings show not only how vulnerabilities — especially in OT — are spreading at an unprecedented rate, but also how threat actors are better and faster to respond to a range of new malware and exploits.

All findings in the report, unless otherwise noted, are based on data from Skybox Research Lab, the threat intelligence division of Skybox Security.

Read the full report by Skybox Research Lab.

VentureBeat’s mission is to be a digital city square for tech decision makers to learn about transformative business technology and transactions. Learn more about membership.

Leave a Reply

Your email address will not be published.