Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

ICS/OT

Over 40,000 Internet-Exposed ICS Devices Found in US: Censys

Censys has found more than 40,000 internet-exposed ICS devices in the US, and notifying owners is in many cases impossible.

LAS VEGAS — BLACK HAT USA 2024 — An analysis conducted by internet intelligence platform Censys shows that there are more than 40,000 internet-exposed industrial control systems (ICS) in the United States, and notifying their owners about the exposure is in many cases impossible.

Censys pointed out that more than half of these systems are likely associated with building control and automation, and roughly 18,000 are actually used to control industrial systems. 

The company also found that more than half of the hosts running low-level automation protocols, which enable communications between ICS, are concentrated in wireless and consumer access networks such as Comcast and Verizon. 

In the case of human-machine interfaces (HMIs), which are used to monitor and control industrial systems, 80% are in networks provided by companies such as AT&T and Verizon. 

The fact that these systems are hosted on wireless or consumer networks means it’s likely not possible to contact the owner and warn them about the exposure.

“While HMIs and web administration interfaces occasionally offer clues as to ownership (e.g., city or location information in the user interface), automation protocols rarely expose such context, making it impossible to determine sector or organizational ownership for these devices. In turn, this makes notifying the owners of these device exposures impossible in many cases,” Censys explained.

In the case of HMIs associated with water systems, Censys found that nearly half can be manipulated without authentication.

The risks associated with these exposed HMIs are not only theoretical. Threat actors have been known to target such systems in their attacks.

A group of alleged hacktivists calling itself ‘Cyber Army of Russia Reborn’ caused a small Texas town’s water system to overflow

Advertisement. Scroll to continue reading.

The Cyber Av3ngers hacktivist group, which is believed to be a persona used by the Iranian government, has targeted multiple water facilities in the United States.

In addition, the China-linked Volt Typhoon group can also pose a serious threat to ICS and other operational technology (OT) systems, with evidence suggesting that they have been exfiltrating sensitive data. 

Learn More at SecurityWeek’s ICS Cybersecurity Conference
The leading global conference series for Operations, Control Systems and OT/IT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.
ICS Cybersecurity Conference
October 21-24, 2024 | Atlanta
www.icscybersecurityconference.com

Related: EPA Issues Alert After Finding Critical Vulnerabilities in Drinking Water Systems

Related: FrostyGoop ICS Malware Left Ukrainian City’s Residents Without Heating

Related: Major US, UK Water Companies Hit by Ransomware

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Hear from experts as they explore the latest trends, challenges and innovations in Attack Surface Management.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Janet Rathod has been named VP and CISO at Johns Hopkins University.

Barbara Larson has joined SentinelOne as Chief Financial Officer.

Amy Howland has been named Partner and CISO at Guidehouse.

More People On The Move

Expert Insights