Skip to content
July 7, 2026
  • Linkedin
  • Twitter
  • Facebook
  • Youtube

Daily CyberSecurity

Zero-hour alerts. Unmatched analysis.

Primary Menu
  • Home
  • CVE Watchtower
  • Cyber Criminals
  • Data Leak
  • Linux
  • Malware
  • Vulnerability
  • Submit Press Release
  • Vulnerability Report
Light/Dark Button
  • Home
  • News
  • Cyber Security
  • Positive Technologies: “73 percent of industrial organizations’ networks are vulnerable to hackers”
  • Cyber Security

Positive Technologies: “73 percent of industrial organizations’ networks are vulnerable to hackers”

Do Son May 8, 2018 5 minutes read
Add Daily CyberSecurity as a preferred
source on Google

After the security company Positive Technologies analyzed the data of more than a dozen companies in the global oil and gas, metallurgy and energy industries, a research report released on May 3, 2018, pointed out that hackers may penetrate the corporate network and Use this as a springboard to access the industrial environment.

Positive Technologies researchers have successfully infiltrated up to 73% of industrial organizations. In 82% of successful penetration cases, researchers can use this as a springboard to further access the extensive industrial network of Industrial Control System (ICS) equipment.

The proportion of ICS vulnerable to malicious hacking is really worrying. ICS is a technical term that covers a wide range of systems including SCADA for use in controlling manufacturing, power, power and wastewater treatment, the oil and gas industry, and many other industrial automation sectors.

 

Although most of the previous ICS systems were physically isolated from non-safety networks such as the public Internet, this practice has now been phased out. At present, many ICSs have begun to use traditional and modern technologies to introduce super-connection capabilities, including dial-up networking, Bluetooth, and physical serial connections. He said, “Even mobile applications have even emerged to help manage and monitor ICS devices.”

The analysis and testing companies of the company are exposed by SSH, Telnet, RDP, and other management interfaces:

  • 91% of companies are still providing password dictionaries for privileged users.
  • In 82% of cases, other types of security flaws at the network boundary expose the DBMS interface;
  • In 64% of cases, use vulnerable software;
  • In 64% of cases, use of insecure protocols;
  • 45% of cases have any file upload vulnerability;
  • In 36% of cases, there were remote command execution vulnerabilities and excessive software and user privilege authorization.
  • In about 80% of cases, the degree of difficulty of using these loopholes is “low” or “very low.”

Researchers have discovered a large number of vulnerabilities in the corporate network that allow malicious attackers to raise power and move laterally. The most common problems are weak passwords, vulnerable software and operating systems, and loopholes in network segmentation and traffic filtering.

In about two-thirds of companies, hackers may have used special control channels that bypass the demilitarized zone (DMZ) to access industrial networks.

In 45% of the cases, the researchers found that the traffic filtering between the networks was poor, while some companies did not have a quarantine zone (18%) or no network segmentation (18%) between the networks.

Positive Technologies pointed out in the report that these loopholes are very serious, and once the attack is successful, critical servers will be threatened. The risk of remotely controlling the gateway server through a dedicated channel seems to be less because the attacker needs to access a specific workstation in the enterprise information system. In most cases, this method of infiltrating industrial networks proved to be successful. Security vulnerabilities that have already been fixed on common systems have long existed in industrial control systems. This is because companies are afraid to perform any adjustments and operations that may lead to business downtime. More importantly, the method used to protect ICS in the industrial sector – for example, isolating the device from the Internet connection system – often fails to prevent attacks.

Research shows that even if a network segment is properly deployed, attackers can still access industrial systems. Access includes access to the firewall through administrator privileges and reconfiguration allows connections from malicious or infected devices.

Researchers said that the most successful attack vectors currently originate from the use of security vulnerabilities in Web applications, including SQL injection, arbitrary file upload, and remote command execution. The report stated that “almost every enterprise is using a dictionary password to protect the Web server management system or to protect the remote access mechanism through a management protocol, which means that in as many as one-third of the attack cases, malicious people need only one successful intrusion. You can gain access to the LAN.”

The U.S. Federal Bureau of Investigation (FBI) and the U.S. Department of Homeland Security (DHS) issued a joint warning last month alleging that the Russian state supports hacking organizations to take the process mentioned by Positive Technologies to launch an attack on U.S. grid infrastructure – that is, first in the site. Get a foothold and move to a critical system.

The warning states that “DHS and the FBI categorized this as a multi-stage intrusion campaign initiated by cyber attackers supported by the Russian government. This activity is aimed at small commercial facility networks where they run the malicious software and implement spear networks. A phishing attack and access to remote access to the energy sector network. After gaining access, the Russian government supports cyber attackers to further perform network reconnaissance, lateral movement, and collect information related to the Industrial Control System (ICS).”

On May 3, 2018, Tenable, a network security vendor from Maryland, released security flaws that existed in two applications widely used by manufacturers and power plants. The company said that this may allow hackers to further increase their access to the ICS device network.

 

Researchers have found that in many cases, due to weak or inadequate protection, attackers can easily obtain the necessary credentials. An attacker can obtain credentials of the enterprise IT system (usually stored in clear text) by attacking the firewall directly or by obtaining an encrypted password.

Source: ptsecurity

Related coverage

  • Asyncshell: The Evolution of APT-K-47’s Cyber Arsenal
  • APT28’s Cyber Espionage: Targeting Governmental Systems in Ukraine and Poland
  • DarkGate Malware Makes a Comeback, Exploiting Excel and Samba Shares in Sophisticated Cyberattacks
  • Decoding AI Vulnerabilities: NIST’s Deep Dive into Adversarial Machine Learning
  • North Korea’s Andariel Group Deploys New RID Hijacking Technique for Stealthy Attacks

Support Our Threat Intelligence

If you find our CVE report and cybersecurity news helpful, consider supporting our work.

Buy Me a Coffee Logo Buy Me a Coffee PayPal
Crypto QR Code
USDT (TRC20):
TN8BdV8cp4T1Cd28gK9qTAnZknzzuwyUtm
USDT (ERC20):
0x3725e1a7d3bc5765499fa6aaafe307fabcd75bce

Share this article:

Facebook Post LinkedIn Telegram
Written by
@DdoS · Security Researcher

Do Son

Do Son is the Founder and Editor of SecurityOnline.info. Working in cybersecurity since 2013, he reports on vulnerabilities, malware, and emerging threats, providing timely analysis to help organizations and individuals stay ahead of evolving risks.

Tags: industrial organizations

Search

Translation

CVE WATCHTOWER
🚨

Receive alerts for vulnerabilities being exploited in the wild.

⚡

Get notified instantly when a Proof of Concept (PoC) exploit is published.

🔍

Access critical info on vulnerabilities even when marked as "RESERVED".

🧠

Insights powered by decades of expertise and global intelligence sources.

🎯

Customize alerts with up to 10 keywords for your specific tech stack.

📊

Export the raw CVE database for SIEM integration and reporting.

Upgrade Package

🚨 Active Exploits in the Wild

  • CVE-2026-20896CVSS 9.8
    Gitea Docker image: `REVERSE_PROXY_TRUSTED_PROXIES = *` default lets any source IP impersonate any user via `X-WEBAUTH-USER`
    Admin intel📅 Updated: Jul 6, 2026
  • CVE-2026-48282CVSS 10.0
    ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limitation of a Pathname to a Restricted...
    Admin intel📅 Updated: Jul 3, 2026
  • CVE-2024-14037CVSS 9.8
    Redsea Cloud eHR contains an arbitrary file upload vulnerability that allows unauthenticated attackers to achieve remote code execution...
    Admin intel📅 Updated: Jul 3, 2026
  • CVE-2026-8451CVSS 8.8
    Insufficient input validation in NetScaler ADC and NetScaler Gateway leading to memory overread if NetScaler ADC or NetScaler Gateway is configured...
    Admin intel📅 Updated: Jul 2, 2026
  • CVE-2026-8037CVSS 9.6
    OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an un-authenticated attacker to...
    Admin intel📅 Updated: Jul 1, 2026
  • CVE-2026-45659CVSS 8.8
    Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
    CISA KEV📅 Added to KEV: Jul 1, 2026
  • CVE-2026-48558CVSS 10.0
    SimpleHelp versions 5.5.15 and prior and 6.0 pre-release versions contain an authentication bypass vulnerability in the OIDC authentication...
    Admin intelCISA KEV📅 Added to KEV: Jun 29, 2026📅 Updated: Jun 29, 2026
  • CVE-2026-46817CVSS 9.8
    Vulnerability in the Oracle Payments product of Oracle E-Business Suite (component: File Transmission). Supported versions that are affected...
    Admin intel📅 Updated: Jun 29, 2026
Powered by CVE Watchtower

🔴 Live Critical Threats

  • CVE-2026-53483CVSS 9.8
    Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0...
  • CVE-2026-53481CVSS 9.8
    Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0...
  • CVE-2026-27823
    ## Summary A critical vulnerability has been identified in EGroupware that may...
  • CVE-2026-14345CVSS 9.8
    The WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click...
  • CVE-2026-34048CVSS 9.9
    Coolify is an open-source and self-hostable tool for managing servers, applications, and...
  • CVE-2026-34047CVSS 9.9
    Coolify is an open-source and self-hostable tool for managing servers, applications, and...
  • CVE-2026-34037CVSS 9.9
    Coolify is an open-source and self-hostable tool for managing servers, applications, and...
  • CVE-2026-55500CVSS 9.9
    ## Summary The `/api/settings/database` endpoint allows full database export (containing all credentials,...
  • CVE-2026-54496CVSS 9.3
    ### Summary A soundness vulnerability in the variable-base scalar multiplication gadget of...
  • CVE-2026-55615
    Neo4jChatAgent passes LLM-generated Cypher queries straight to the Neo4j driver with no...
Powered by CVE WATCHTOWER

Our Websites
  • Penetration Testing Tools
  • The Daily Information Technology
  • Daily CyberSecurity

    • About SecurityOnline.info
    • Advertise with us
    • Announcement
    • Contact
    • Contributor Register
    • Login
    • About SecurityOnline.info
    • Advertise on SecurityOnline.info
    • Contact Us

    When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works

    • Disclaimer
    • Privacy Policy
    • DMCA NOTICE
    • Linkedin
    • Twitter
    • Facebook
    • Youtube
    © 2017 - 2026 Daily CyberSecurity. All Rights Reserved.