Censys releases final part of the 2024 State of the Internet Report: industrial control systems
Censys, who provides the leading Internet Intelligence Platform for Threat Hunting and Attack Surface Management (ASM), published the second half of its annual State of the Internet Report focusing on Internet-exposed Industrial Control Systems (ICS). Following the launch of part one in August 2024, this next phase of the report focuses on ICS protocols being leveraged by ICS-specific malware variants and human-machine interfaces (HMI), often used as a point of entry for many threat actors.
In its research, Censys found over 145,000 exposed ICS services worldwide, with more than 48,000 located in the U.S. alone. Censys investigated the exposure landscape to help the cybersecurity community better understand the true attack surface of ICS around the world and how to best protect it.
Attacks using ICS protocols are less common and require specialised knowledge and understanding of such environments. Censys recognizes that in order to protect real-world control systems, it is essential for security teams to understand and assess the exposure of these protocols and HMIs, which constitute an often overlooked yet vital component of the security ecosystem. With Censys’ comprehensive internet visibility, it was able to identify:
Of the 145,000 ICS services exposed globally, 38% of devices were located in North America, 35% in Europe, and 22% in Asia
Attack surfaces are regionally unique: Modbus, S7, and IEC 60870-5-104 are more widely observed in Europe, while Fox, BACnet, ATG, and C-More are more commonly found in North America
34% of C-More human-machine interfaces (HMIs) are water and wastewater related, while 23% are associated with agricultural processes
Nearly 200 hosts running HMIs also run products from vendors explicitly prohibited by the U.S.National Defense Authorization Act (NDAA) Section 889
Most observed ICS services and HMIs run on mobile or consumer and business-grade internet service providers (ISPs). Given the often remote nature of industrial facilities, a wired Internet connection may not be readily available
“Many of these protocols can be dated back to the 1970s but remain foundational to industrial processes without the same security improvements the rest of the world has seen. The security of ICS devices is a critical element in protecting a country’s critical infrastructure. To protect it, we must understand the nuances of how these devices are exposed and vulnerable,” said Zakir Durumeric, Co-Founder and Chief Scientist at Censys. “Censys’ unmatched visibility into the internet makes us the only company to not only see the full extent of critical infrastructure exposure but to drive its remediation with government and commercial partners.”
ICS security is consistently a focus of the cybersecurity and public sector community as its impact is far greater than many expect. As the industry continues to combat ICS-based attacks, it is critical now more than ever to understand the full ecosystem and every component of it.
To read part two of Censys’ State of the Internet: Industrial Control Systems report, click here: https://censys.com/the-2024-state-of-the-internet-report/
To learn more about the report, register for this informational webinar: https://cnys.io/y9lprg
About Censys
Censys, Inc.™ is the leading Internet Intelligence Platform for Threat Hunting and Attack Surface Management. Founded in 2017 in Ann Arbor, Michigan, Censys provides organisations with the most comprehensive real-time view of Internet infrastructure. Customers like Google, Cisco, Microsoft, Samsung, Swiss Armed Forces, the U.S. Department of Homeland Security, Cybersecurity & Infrastructure Security Agency, and over 50% of the Fortune 500 rely on Censys for a real-time, contextualised view into their internet and cloud assets. At Censys, you can be yourself. We like it that way. Diversity fuels our mission, and we are committed to inclusion across race, gender, age and identity. To learn more, visit censys.com and follow Censys on Twitter, Mastodon and LinkedIn.