SecurityWeek

ICS Security: 145,000 Systems Exposed to Web, Many Industrial Firms Hit by Attacks

Censys and Kaspersky publish ICS security reports looking into exposure to attacks and actual attacks suffered by industrial organizations.

Worldwide there are more than 145,000 internet-exposed industrial control systems (ICS), according to internet intelligence platform provider Censys. 

The company’s latest ‘State of the Internet’ report also reveals that the devices are spread out across 175 countries, with 38% of them located in North America, 35% in Europe and 22% in Asia. 

In the United States, there are 48,000 exposed systems. Censys previously reported seeing 40,000 internet-exposed ICS systems in the United States.

In comparison, a Shodan search currently shows roughly 110,000 ICS systems worldwide that are directly accessible from the web.

Censys’ latest report shows that the exposed ICS devices are accessible on common protocols, such as Modbus, Fox, BACnet, WDBRPC (Wind River), EIP, S7 (Siemens), and IEC 60870-5-104. 

However, the company noticed some regional specifics. For instance, Fox, BACnet, ATG, and C-More (AutomationDirect) are more common in North America, while Modbus, S7, and IEC 60870-5-104 are more widely seen in Europe.

Many of the exposed ICS instances are human-machine interfaces (HMIs), which are often targeted by threat actors due to how easily they can be hacked. Censys found that 34% of HMIs accessible via the C-More protocol are associated with water systems, which are often targeted in attacks, and 23% are used in the agriculture sector.

The company also noticed that nearly 200 of the hosts running HMIs were also running products from vendors covered by the US National Defense Authorization Act (NDAA) Section 889, which prohibits the use of Chinese equipment.

“While not all of these hosts are critical infrastructure, government-operated, or even located in the US, this serves as a reminder that operators should be mindful of what products and software they allow to run alongside industrial processes,” Censys noted.

Separately, a brief report published on Thursday by Kaspersky shows that — based on a survey of over 400 people conducted in August — nearly 90% of industrial companies in the UK have been hit by cyberattacks, with nearly half of the incidents being considered ‘major disruptions’.

The survey found that 72% of respondents felt that their connected and automated supply chains were vulnerable to cyberattacks.

The main cybersecurity threats perceived by industrial organizations are vulnerabilities in IoT and other connected devices, unauthorized access to manufacturing systems and sensitive data, DDoS attacks, and insider threats. 

Written By

Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
