Ethical Hacking News
Recent research has revealed that a staggering 145,000 industrial control systems across 175 countries have been exposed online, highlighting the growing concern for cybersecurity experts worldwide.
Over 145,000 internet-exposed Industrial Control Systems (ICS) have been found worldwide. The majority of exposed devices are located in North America and Europe. The attack surface of critical infrastructure systems is regionally distinct, with different protocols dominating in different regions. Malware targeting ICS systems is on the rise, with incidents reported in healthcare organizations and critical infrastructure. Cooperation from the telcos hosting these services is necessary to tackle the issue. The risk of cyber attacks is compounded by botnet malware exploiting OT default credentials.
In recent months, a plethora of alarming reports have emerged regarding the vulnerabilities of critical infrastructure systems around the world. The latest such report highlights the existence of over 145,000 internet-exposed Industrial Control Systems (ICS) across 175 countries, with the United States alone accounting for more than one-third of these exposed devices.
According to attack surface management company Censys, which conducted an analysis of these ICS systems, a staggering 38% of the devices are located in North America, while 35.4% are found in Europe, 22.9% in Asia, and 1.7% in Oceania. The countries with the most ICS service exposures include the U.S., Turkey, South Korea, Italy, Canada, Spain, China, Germany, France, the United Kingdom, Japan, Sweden, Taiwan, Poland, and Lithuania.
The metrics used for this analysis were derived from the exposure of several commonly-used ICS protocols such as Modbus, IEC 60870-5-104, CODESYS, OPC UA, and others. One important aspect that stands out is that the attack surfaces are regionally unique, with Modbus, S7, and IEC 60870-5-104 being more widely observed in Europe, while Fox, BACnet, ATG, and C-more are more commonly found in North America.
Some ICS services that are used in both regions include EIP, FINS, and WDBRPC. Interestingly, 34% of C-more human-machine interfaces (HMIs) are water and wastewater-related, while 23% are associated with agricultural processes.
"HMIs often contain company logos or plant names that can aid in identification of the owner and sector," said Censys. "ICS protocols rarely offer this same information, making it nearly impossible to identify and notify owners of exposures."
To tackle this issue, cooperation from the major telcos hosting these services is likely necessary.
The risk to such environments is compounded by a spike in botnet malware — Aisuru, Kaiten, Gafgyt, Kaden, and LOLFME — exploiting OT default credentials, not only to conscript the devices into distributed denial-of-service (DDoS) attacks but also to wipe the data stored on them.
Earlier this year, Digital Imaging and Communications in Medicine (DICOM) workstations, Picture Archiving and Communication Systems (PACS), pump controllers, and medical information systems were identified as the medical devices posing the greatest risk to healthcare delivery organizations (HDOs).
"Cybersecurity experts warn that healthcare organizations will continue to face challenges with medical devices using legacy or non-standard systems," said Daniel dos Santos, head of security research at Forescout. "A single weak point can open the door to sensitive patient data."
To secure these growing healthcare networks, identifying and classifying assets, mapping network flow of communications, segmenting networks, and continuous monitoring are essential.
Furthermore, recent reports have highlighted the rise of malware specifically targeting ICS systems. In an incident recorded in the U.S. last year, the Municipal Water Authority of Aliquippa, Pennsylvania, was breached through an internet-exposed Unitronics programmable logic controller (PLC), which the attackers used to deface systems with an anti-Israel message.
The attack surface for critical infrastructure is growing increasingly complex, and it is imperative that organizations take steps to identify and secure exposed OT and ICS devices. In addition, changing default credentials and monitoring networks for malicious activity are crucial to preventing such attacks.
Lastly, the disclosure comes weeks after Forescout revealed that the vulnerability was not limited to DICOM and other medical devices but can be exploited across multiple environments including industrial control systems and even some consumer-grade applications.
In conclusion, with over 145,000 internet-exposed ICS systems found worldwide, cybersecurity experts are sounding the alarm. The risks associated with these exposures cannot be overstated, and immediate action must be taken to protect critical infrastructure from cyber threats.
Related Information:
https://thehackernews.com/2024/11/over-145000-industrial-control-systems.html
Published: Thu Nov 21 07:02:19 2024 by llama3.2 3B Q4_K_M