145,000+ Unsecured ICS Devices Exposed To Attackers


Censys researchers have uncovered a significant cybersecurity risk: over 145,000 industrial control system (ICS) devices are currently exposed to potential attackers on the internet.

This alarming discovery highlights the growing vulnerability of critical infrastructure systems that manage essential services such as electricity, water supply, and transportation.


The report emphasizes a particularly concerning aspect of this exposure: the “thousands of unsecured human-machine interfaces (HMIs).”

These interfaces, designed to facilitate the management of critical systems, have become prime targets for threat actors because they are often inadequately protected.

Security analysts at Censys and GreyNoise found more than 145,000 exposed ICS devices, along with thousands of HMIs that lack proper security measures, and threat actors are actively targeting these exposed systems.


Risks of Exposed HMIs

HMIs pose a significant risk to critical infrastructure for several reasons:

  1. Ease of Access: Many HMIs are misconfigured and lack basic authentication, making them easily accessible to attackers.
  2. Direct Operational Control: Unlike complex protocols that require specialized knowledge to exploit, HMIs provide user-friendly interfaces for managing critical systems, making them attractive targets.
  3. Rapid Targeting: Exposed HMIs are often scanned and probed by attackers within moments of being discovered online.

GreyNoise, a cybersecurity company, conducted research during the summer of 2024 to assess the threat landscape for internet-connected HMIs. Their findings corroborate the urgency of addressing these vulnerabilities:

  • Internet-connected HMIs were probed and scanned more quickly than typical control sensors
  • Over 30% of IP addresses that interacted with the HMIs were later identified as malicious
  • Attackers primarily focused on common Remote Access Service (RAS) protocols, with Virtual Network Computing (VNC) being of particular interest

To address these critical vulnerabilities, cybersecurity professionals and organizations managing ICS environments should take immediate action:

  1. Conduct a thorough inventory of all internet-facing systems, especially HMIs, and remove unnecessary exposure
  2. Implement strong authentication measures, network segmentation, and VPNs to prevent unauthorized access
  3. Monitor for reconnaissance activities, as attackers often scan systems before attempting exploitation
  4. Prioritize securing low-complexity entry points like HMIs and RAS that are actively being targeted by attackers
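As an added example (not code from the Censys or GreyNoise research), the following Python shows one way to act on items 3 and 4: it reads perimeter firewall records and reports external sources sweeping remote-access ports across HMI hosts, plus any HMI where that traffic was allowed through. The log format, the `10.20.0.0/16` plant network, the watched port ranges and the `min_targets` threshold are all assumptions made for this illustration.

```python
import ipaddress
from collections import defaultdict

# Assumption: address space of the plant/HMI network.
INTERNAL_NET = ipaddress.ip_network("10.20.0.0/16")
# Assumption: remote-access ports to watch. VNC listens on 5900 + display
# number; RDP (3389) is included as another common remote access service.
RAS_PORTS = {"vnc": range(5900, 5910), "rdp": range(3389, 3390)}

# Constructed sample records: "<timestamp> <src_ip> <dst_ip> <dst_port> <action>"
SAMPLE_LOG = """\
2024-07-01T10:00:01Z 198.51.100.7 10.20.0.11 5900 ALLOW
2024-07-01T10:00:02Z 198.51.100.7 10.20.0.12 5900 DENY
2024-07-01T10:00:03Z 198.51.100.7 10.20.0.13 5901 DENY
2024-07-01T10:00:09Z 203.0.113.44 10.20.0.11 3389 DENY
2024-07-01T10:01:00Z 10.20.0.5 10.20.0.11 5900 ALLOW
2024-07-01T10:02:00Z 203.0.113.44 10.20.0.11 443 ALLOW
malformed line
"""

def ras_service(port):
    """Map a destination port to a watched remote-access service name."""
    for name, ports in RAS_PORTS.items():
        if port in ports:
            return name
    return None

def find_ras_probes(log_text, min_targets=2):
    """Return (scanners, exposed): external sources that touched at least
    min_targets internal hosts on RAS ports, and (host, port, service)
    tuples where such external traffic was allowed."""
    targets = defaultdict(set)
    exposed = set()
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed records
        _, src, dst, port, action = parts
        try:
            src_ip, port = ipaddress.ip_address(src), int(port)
        except ValueError:
            continue
        svc = ras_service(port)
        if svc is None or src_ip in INTERNAL_NET:
            continue  # keep only external sources hitting remote-access ports
        targets[src].add(dst)
        if action == "ALLOW":
            exposed.add((dst, port, svc))  # HMI reachable from the internet
    scanners = {s: sorted(t) for s, t in targets.items() if len(t) >= min_targets}
    return scanners, sorted(exposed)
```

Entries in `exposed` are the inventory findings to remove from direct internet reach first; entries in `scanners` are candidates for blocking and for comparison against threat-intelligence feeds.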

The exposure of these critical systems is not merely a technical issue but a societal one. As our modern world relies heavily on critical infrastructure, the risks posed by these vulnerabilities cannot be ignored.

It is important that organizations act promptly to secure their systems, implement real-time threat monitoring, and close the gaps that attackers are actively exploiting.
