Rewterz Threat Update – Nearly 100,000 Industrial Control Systems Exposed to Attackers Online

Severity

High

Analysis Summary

Researchers have warned that approximately 100,000 industrial control systems (ICS) have been exposed online on the public web and are vulnerable to attackers for unauthorized access. These ICS include traffic light systems, power grids, water systems, and security. The exposed units are for critical infrastructure systems like sensors, switches, automatic tank gauges, etc.

The data that researchers have collected show that things have slowly gotten better over the past few years as the number of exposed devices have dropped significantly since 2019. Industrial systems are prone to critical vulnerabilities, impacting a huge range of ICS. It is estimated that about 20% of ICS are vulnerable to critical flaws.

The most affected countries are: the US, Canada, Italy, the UK, France, the Netherlands, Germany, Spain, Poland, and Sweden. Meanwhile, the least secure sectors when it comes to ICS security are education, government, technology, business services, utilities, manufacturing, real estate, hospitality, energy, and finance.

Targeting vulnerable ICS is a favorite of state-sponsored threat actors by infecting them with malware and causing disruptions. The authorities in the US have urged the system administrators many times about the importance of securing their critical infrastructure.

It is not confirmed as to how many of the 100,000 exposed ICS are exploitable. It is recommended that organizations strengthen their security of remote access by implementing VPN access, role-based access control, multi-factor authentication, and network segmentation.

“Manufacturers of industrial control systems and other operational technology must take action to increase the cybersecurity of their devices. This includes improving device security prior to deployment and working with clients to ensure the proper configuration and security of already deployed devices”, they conclude.

Impact

• Unauthorized Access

Remediation

• To enhance security, organizations should identify and assess the security of their industrial control systems (ICS), both internal and those of third-party partners. 
• Additionally, they should ensure that ICS are not accessible from the public internet and employ safeguards like firewalls to prevent unauthorized access, recognizing the distinct control requirements of operational technology (OT) and ICS beyond traditional IT risk models.
• Manufacturers of industrial control systems and operational technology must prioritize cybersecurity by enhancing device security before deployment and assisting clients in configuring and securing deployed devices
• Leading manufacturers are advised to adopt innovative approaches, such as secure-by-design principles, leveraging data for improved security, and implementing programs for swift detection of misconfigurations or exposed systems, to strengthen the security of their devices and protect their customers.
• Identify and address any vulnerabilities or weaknesses that the attackers may have exploited. Apply patches and updates to software, operating systems, and applications to strengthen the security posture.
• Develop and update a comprehensive incident response plan that outlines roles, responsibilities, and steps to take in the event of a cyberattack. Regularly test and update the plan.
• Implement continuous monitoring of network traffic and system logs to detect any suspicious activity and respond promptly to emerging threats.
• Strengthen security measures for third-party vendors and partners to prevent potential entry points for attackers.
• Develop a long-term cybersecurity strategy that includes regular security assessments, training, and updates to stay ahead of evolving threats.