Critical infrastructure, the lifeblood of modern society, is under increasing threat as a new report from Censys reveals that over 145,000 industrial control system (ICS) devices are exposed to the internet.
Among these, thousands of human-machine interfaces (HMIs) — which allow operators to control critical systems — remain unsecured, leaving them vulnerable to exploitation by malicious actors.
The findings highlight the growing risks to essential services like energy, water, and transportation, where even small disruptions can have far-reaching consequences.
The report paints a stark picture of global ICS vulnerabilities. Many HMIs, designed to simplify system management, are accessible online without authentication, offering attackers a direct route into vital operations.
These interfaces bypass the need for specialized knowledge of ICS protocols, enabling attackers to manipulate critical systems with alarming ease.
Leveraging 2024 MITRE ATT&CK Results for SME & MSP Cybersecurity Leaders – Attend Free Webinar
Unsecured ICS Devices Exposed
North America leads the world in ICS exposure, accounting for 38% of global vulnerabilities, with the United States alone hosting over one-third of the exposed devices.
The report also details real-world examples, such as attacks on water systems in Pennsylvania and Texas, where exposed HMIs were exploited to manipulate operations without requiring advanced ICS expertise.
For years, the focus of ICS cybersecurity has been on safeguarding specialized protocols like Modbus and DNP3.
However, the Censys report underscores a more immediate threat: exposed HMIs and remote access points.
These interfaces often misconfigured and lacking even basic security measures, present low-complexity entry points that attackers can exploit with minimal effort.
Their user-friendly design makes them particularly appealing targets, as they allow direct operational control without the need for deep technical knowledge.
According to recent research from GreyNoise, a threat intelligence firm that studied internet-connected HMIs during the summer of 2024.
Their findings revealed that such systems are scanned and probed by attackers almost immediately upon being discovered online. In some cases, over 30% of IP addresses scanning these devices were later identified as malicious.
Interestingly, the research found that attackers often targeted remote access protocols like Virtual Network Computing (VNC) rather than ICS-specific protocols, further highlighting the need to secure these entry points.
The growing exposure of ICS devices is more than a technical issue; it is a societal challenge. Safeguarding critical infrastructure requires immediate attention.
Organizations must conduct thorough inventories of internet-facing systems, secure HMIs with strong authentication and network segmentation, and monitor systems for potential reconnaissance activity.
While protecting ICS protocols remains important, the focus must shift to securing low-hanging vulnerabilities like HMIs and remote access services.
The vulnerabilities outlined in the Censys report are a wake-up call. If left unaddressed, they could lead to catastrophic consequences for public safety and national security. The time to act is now — securing critical systems and closing exploitable gaps is no longer optional but essential.
Are you from SOC/DFIR Teams? – Analyse Malware & Phishing with ANY.RUN -> Try for Free