ICS Security: 145,000 Systems Exposed to Web, Many Industrial Firms Hit by Attacks

Censys and Kaspersky publish ICS security reports looking into exposure to attacks and actual attacks suffered by industrial organizations.

Worldwide there are more than 145,000 internet-exposed industrial control systems (ICS), according to internet intelligence platform provider Censys. 

The company’s latest ‘State of the Internet’ report also reveals that the devices are spread out across 175 countries, with 38% of them located in North America, 35% in Europe and 22% in Asia. 

In the United States, there are 48,000 exposed systems. Censys previously reported seeing 40,000 internet-exposed ICS systems in the United States.

In comparison, a Shodan search currently shows roughly 110,000 ICS systems worldwide that are directly accessible from the web.

Censys’ latest report shows that the exposed ICS devices are accessible on common protocols, such as Modbus, Fox, BACnet, WDBRPC (Wind River), EIP, S7 (Siemens), and IEC 60870-5-104. 

However, the company noticed some regional specifics. For instance, Fox, BACnet, ATG, and C-More (AutomationDirect) are more common in North America, while Modbus, S7, and IEC 60870-5-104 are more widely seen in Europe.

Many of the exposed ICS instances are human-machine interfaces (HMIs), which are often targeted by threat actors due to how easily they can be hacked. Censys found that 34% of HMIs accessible via the C-More protocol are associated with water systems, which are often targeted in attacks, and 23% are used in the agriculture sector.

The company also noticed that nearly 200 of the hosts running HMIs were also running products from vendors covered by the US National Defense Authorization Act (NDAA) Section 889, which prohibits the use of Chinese equipment.

“While not all of these hosts are critical infrastructure, government-operated, or even located in the US, this serves as a reminder that operators should be mindful of what products and software they allow to run alongside industrial processes,” Censys noted.

Separately, a brief report published on Thursday by Kaspersky shows that — based on a survey of over 400 people conducted in August — nearly 90% of industrial companies in the UK have been hit by cyberattacks, with nearly half of the incidents being considered ‘major disruptions’.

The survey found that 72% of respondents felt that their connected and automated supply chains were vulnerable to cyberattacks.

The main cybersecurity threats perceived by industrial organizations are vulnerabilities in IoT and other connected devices, unauthorized access to manufacturing systems and sensitive data, DDoS attacks, and insider threats. 

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
