A recent investigation has unveiled the alarming exposure of over 145,000 Industrial Control Systems (ICS) on the internet, spanning 175 countries. The United States leads with the highest number of exposed systems, constituting more than a third of the total.
Regional Exposure:
North America: 38%
Europe: 35.4%
Asia: 22.9%
Oceania: 1.7%
South America: 1.2%
Africa: 0.5%
Countries with Highest Exposure:
Leading the list is the United States with over 48,000 systems. Other countries include Turkey, South Korea, Italy, Canada, Spain, China, Germany, France, the U.K., Japan, Sweden, Taiwan, Poland, and Lithuania.
ICS Protocols and Regional Patterns:
Notable ICS protocols identified include Modbus, IEC 60870-5-104, CODESYS, and OPC UA. In Europe, there is a higher use of Modbus, S7, and IEC 60870-5-104, whereas Fox, BACnet, ATG, and C-more are prevalent in North America.
Vulnerability of C-more HMIs:
Approximately 34% of C-more human-machine interfaces (HMIs) relate to water and wastewater management, while 23% are tied to agriculture.
According to Zakir Durumeric, co-founder and chief scientist at Censys, many ICS protocols originated in the 1970s, remaining integral to industrial processes without equivalent advancements in security measures. Understanding how these systems are exposed is crucial to safeguarding critical infrastructure.
Malware Threats and Recent Incidents:
Though ICS-targeted cyber attacks are relatively scarce—with only nine malware strains documented—there's been a noticeable rise in such threats due to geopolitical tensions. Notably, the malware FrostyGoop, linked to attacks on Ukrainian energy firms, exploits Modbus TCP communications, posing a significant operational technology (OT) risk.
In the U.S., the Municipal Water Authority of Aliquippa, Pennsylvania, was compromised through internet-exposed PLCs. Attackers defaced systems with anti-Israel messaging. The reported exposure of HMIs primarily involves major ISPs such as Verizon, Deutsche Telekom, and Turkcell, with many located in the U.S., Germany, and Canada.
Broader Implications and Recommendations:
The research underscores the vast attack surface these ICS and OT networks represent to malicious actors. Organizations are urged to audit and secure vulnerable systems, change default credentials, and enhance network monitoring efforts. Additionally, a surge in botnet malware like Aisuru and Kaiten emphasizes the urgent need for robust defenses against both DDoS attacks and data breaches.
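The Modbus TCP exposure behind FrostyGoop and the recommendation to enhance network monitoring both come down to one question for a defender: which hosts are issuing Modbus requests to your controllers, and are any of them writing? The following is an added example, not code from the article or from Censys, showing how a monitor can parse the Modbus/TCP MBAP header and flag write function codes arriving from outside an assumed OT subnet (10.20.0.0/16, the sample frames and source addresses are constructed).

```python
import struct
from ipaddress import ip_address, ip_network

# Modbus function codes that change controller state; reads are informational only.
WRITE_FUNCTION_CODES = {5: "Write Single Coil", 6: "Write Single Register",
                        15: "Write Multiple Coils", 16: "Write Multiple Registers"}
# Assumed OT subnet: only hosts in here are expected to speak Modbus to PLCs.
TRUSTED_NETS = [ip_network("10.20.0.0/16")]

def parse_mbap(frame: bytes) -> dict:
    """Parse a Modbus/TCP frame: 7-byte MBAP header followed by the function code."""
    if len(frame) < 8:
        raise ValueError("frame too short for MBAP header plus function code")
    tid, pid, length, unit = struct.unpack(">HHHB", frame[:7])
    if pid != 0:                      # protocol id 0 is Modbus
        raise ValueError("protocol id %d is not Modbus" % pid)
    if length != len(frame) - 6:      # length counts unit id + PDU
        raise ValueError("MBAP length field does not match frame size")
    return {"tid": tid, "unit": unit, "function": frame[7], "data": frame[8:]}

def classify(src_ip: str, frame: bytes):
    """Return an alert string for one observed Modbus/TCP request, or None if benign."""
    try:
        req = parse_mbap(frame)
    except ValueError as exc:
        return "malformed Modbus/TCP from %s: %s" % (src_ip, exc)
    trusted = any(ip_address(src_ip) in net for net in TRUSTED_NETS)
    fc = req["function"]
    if fc in WRITE_FUNCTION_CODES and not trusted:
        return "HIGH: %s (fc %d) to unit %d from untrusted %s" % (
            WRITE_FUNCTION_CODES[fc], fc, req["unit"], src_ip)
    if not trusted:
        return "MEDIUM: Modbus read (fc %d) from untrusted %s" % (fc, src_ip)
    return None

# Constructed samples: (source IP, raw Modbus/TCP request bytes)
SAMPLES = [
    ("10.20.1.5", bytes.fromhex("0001000000060103000A0002")),    # read holding regs, trusted host
    ("203.0.113.7", bytes.fromhex("0002000000060106000B0000")),  # write single register, untrusted
    ("203.0.113.7", bytes.fromhex("00030000000601")),            # truncated frame, no function code
]

def scan(samples=SAMPLES):
    """Run every sample through classify() and return the alerts raised."""
    return [a for a in (classify(ip, f) for ip, f in samples) if a]

if __name__ == "__main__":
    for alert in scan():
        print(alert)
```

In practice the frames come from a passive tap or a flow sensor rather than a list, and the trusted set should be derived from an asset inventory rather than typed in.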
Concluding Observations:
The current landscape underlines the necessity for improved protection strategies in ICS and OT networks. Enhanced cooperation from telecommunications providers and comprehensive security protocols are essential to mitigate risks to these critical systems.