Over 145,000 Exposed Industrial Control Systems Discovered Worldwide
A recent report from Censys has identified over 145,000 internet-exposed Industrial Control Systems (ICS) across 175 countries
A recent report from Censys, a leading attack surface management company, has identified over 145,000 internet-exposed Industrial Control Systems (ICS) across 175 countries. This startling discovery highlights significant cybersecurity vulnerabilities in critical infrastructure. The United States leads the count, accounting for over one-third of these exposures, with more than 48,000 devices exposed.
The analysis sheds light on the geographic distribution of the exposures:
- 38% of exposed devices are located in North America.
- 35.4% are in Europe.
- 22.9% are in Asia.
- Smaller percentages are spread across Oceania, South America, and Africa.
ICS, foundational for industries like energy, water treatment, and manufacturing, are often outdated, making them an attractive target for cybercriminals.
Who Is at Risk?
Industries at Risk
Industries heavily reliant on ICS are the most exposed, including:
- Water and Wastewater Management: 34% of exposed C-more HMIs (Human-Machine Interfaces) are tied to water systems.
- Agriculture: 23% of C-more devices support agricultural processes.
- Energy and Manufacturing: These sectors are frequently targeted due to their critical roles in national infrastructure.
Geographic Concentrations
Countries with the highest number of exposed ICS services include:
- United States
- Turkey
- South Korea
- Italy
- Canada
- China, among others.
Specific ICS protocols like Modbus, IEC 60870-5-104, and S7 are more prevalent in Europe, while North America sees widespread use of protocols like Fox and BACnet.
Why Are These Systems Vulnerable?
Many ICS were designed decades ago, prioritizing functionality over security. Key vulnerabilities include:
- Default Credentials: Many systems still use factory-set passwords, which are easily exploited by attackers.
- Remote Accessibility: To support remote monitoring, HMIs and other ICS components are increasingly exposed online.
- Legacy Protocols: Protocols like Modbus, dating back to the 1970s, lack modern security measures.
- Insufficient Monitoring: Many systems reside on mobile or business-grade ISPs, offering limited metadata and making owner identification difficult.
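To make the "Legacy Protocols" point concrete, the following added example (not from the article or the Censys report) decodes a Modbus TCP request and shows that its header carries only a transaction ID, protocol ID, length and unit ID, with no field for credentials, so a monitor has to judge write requests by where they come from. The captured frames, IP addresses and the `ALLOWED_WRITERS` allowlist are constructed for illustration.

```python
import struct

# Modbus function codes that change device state (writes).
WRITE_FUNCTIONS = {5: "Write Single Coil", 6: "Write Single Register",
                   15: "Write Multiple Coils", 16: "Write Multiple Registers"}

def parse_modbus_tcp(frame: bytes) -> dict:
    """Decode the 7-byte MBAP header and function code of a Modbus TCP request."""
    if len(frame) < 8:
        raise ValueError("frame too short for MBAP header plus function code")
    # Big-endian: transaction id, protocol id, length, unit id. Nothing else:
    # the header has no user, password, token or signature field.
    transaction_id, protocol_id, length, unit_id = struct.unpack(">HHHB", frame[:7])
    if protocol_id != 0:
        raise ValueError("protocol identifier must be 0 for Modbus")
    if length != len(frame) - 6:  # length counts unit id + PDU
        raise ValueError("MBAP length field does not match frame size")
    function = frame[7]
    return {"transaction_id": transaction_id, "unit_id": unit_id,
            "function": function, "is_write": function in WRITE_FUNCTIONS,
            "data": frame[8:]}

def unauthorized_writes(captured, allowed_writers):
    """Return (source, unit id, function name) for writes from unexpected hosts."""
    alerts = []
    for src, frame in captured:
        try:
            req = parse_modbus_tcp(frame)
        except ValueError:
            continue  # not a well-formed Modbus TCP request
        if req["is_write"] and src not in allowed_writers:
            alerts.append((src, req["unit_id"], WRITE_FUNCTIONS[req["function"]]))
    return alerts

# Constructed sample traffic: (source IP, raw Modbus TCP request bytes).
SAMPLE = [
    ("10.20.0.9", bytes.fromhex("000100000006010300000002")),    # read holding registers
    ("10.20.0.9", bytes.fromhex("0002000000060106001000ff")),    # write from engineering host
    ("203.0.113.7", bytes.fromhex("000300000006010600100000")),  # write from unknown host
]
ALLOWED_WRITERS = {"10.20.0.9"}  # hypothetical engineering workstation

if __name__ == "__main__":
    for alert in unauthorized_writes(SAMPLE, ALLOWED_WRITERS):
        print("ALERT", alert)
```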
Recent Cyberattacks on ICS Systems
Malware Threats
Cyberattacks on ICS have been increasing, especially during geopolitical conflicts:
- FrostyGoop Malware: Disrupted operational technology (OT) networks by exploiting Modbus TCP communications.
- Municipal Water Authority Hack: Hackers exploited Unitronics PLCs to disrupt water services and deface systems with political messages.
Botnet Exploits
Malware such as Aisuru, Kaiten, Gafgyt, Kaden, and LOLFME exploits default credentials in OT systems to:
- Launch Distributed Denial-of-Service (DDoS) attacks.
- Wipe data within compromised systems.
How to Protect Yourself and Your Organization
Organizations relying on ICS must adopt robust security measures to mitigate risks:
Steps for Securing ICS Systems
- Identify and Classify Assets: Use automated tools to discover exposed devices and map their functions.
- Change Default Credentials: Replace factory-set passwords with strong, unique credentials.
- Segment Networks: Separate ICS systems from general IT networks to limit potential attack vectors.
- Update Software and Firmware: Regularly patch and update devices to address known vulnerabilities.
- Implement Continuous Monitoring: Deploy tools to monitor network traffic for unusual activities.
- Adopt Multi-Layered Defense: Utilize firewalls, intrusion detection systems (IDS), and antivirus software to create layered defenses.
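One way to act on the asset-identification, segmentation and monitoring steps above, as an added example that is not from the article or the Censys report: audit your own perimeter firewall log for allowed connections from outside addresses to the ICS protocols the article names. The log line format and sample lines are constructed, the port numbers are the protocols' usual defaults (the article does not list them), and "internal" is assumed to mean the RFC 1918 ranges.

```python
import ipaddress
import re

# Usual default ports for the protocols named in the article (an assumption
# about your environment; adjust to what your devices actually listen on).
ICS_PORTS = {502: "Modbus", 102: "S7", 2404: "IEC 60870-5-104",
             1911: "Fox", 47808: "BACnet"}
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed log format: <timestamp> <ALLOW|DENY> <tcp|udp> <src>:<port> -> <dst>:<port>
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) (?P<proto>tcp|udp) "
                     r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$")

def is_internal(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def find_exposures(lines):
    """Group allowed external connections to ICS ports by (device, port)."""
    findings = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["action"] != "ALLOW":
            continue  # unparsable line, or traffic the firewall already blocked
        port = int(m["dport"])
        if port in ICS_PORTS and not is_internal(m["src"]):
            findings.setdefault((m["dst"], port), set()).add(m["src"])
    return [{"device": dst, "port": port, "protocol": ICS_PORTS[port],
             "external_sources": sorted(srcs)}
            for (dst, port), srcs in sorted(findings.items())]

# Constructed sample log lines (documentation-range addresses as "external").
SAMPLE_LOG = """\
2024-11-20T10:00:01Z ALLOW tcp 198.51.100.23:51544 -> 10.20.0.5:502
2024-11-20T10:00:02Z ALLOW tcp 10.20.0.9:40000 -> 10.20.0.5:502
2024-11-20T10:00:03Z DENY tcp 203.0.113.50:41000 -> 10.20.0.6:102
2024-11-20T10:00:04Z ALLOW udp 203.0.113.50:47808 -> 10.20.0.7:47808
2024-11-20T10:00:05Z ALLOW tcp 203.0.113.77:50000 -> 10.20.0.5:502
2024-11-20T10:00:06Z ALLOW tcp 198.51.100.23:51600 -> 10.20.0.8:443
""".splitlines()

if __name__ == "__main__":
    for finding in find_exposures(SAMPLE_LOG):
        print(finding)
```

Each finding is a device that should either sit behind a segmented network path (VPN or jump host) or have the firewall rule removed.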
Broader Implications: A Need for Industry-Wide Collaboration
Role of Government and Private Entities
The EPA has previously flagged the lack of proper cybersecurity practices in water systems, warning that over 70% of systems did not meet compliance standards. The report underscores the urgent need for collaboration between government agencies and private entities to:
- Establish robust incident reporting systems.
- Develop standardized security protocols.
Lessons from Healthcare Security
A similar situation exists in the healthcare industry, where legacy systems are a major weak link. Devices like DICOM workstations and medical imaging systems are among the most exposed, demonstrating the universal need for better cybersecurity in critical infrastructure.
Conclusion
The discovery of over 145,000 internet-exposed ICS serves as a wake-up call for governments, industries, and cybersecurity professionals. With attackers increasingly targeting these vulnerabilities, proactive measures such as identifying assets, securing networks, and updating protocols are critical to safeguarding essential services. By addressing these risks now, organizations can prevent potentially devastating consequences for critical infrastructure worldwide.