Over 145,000 Industrial Control Systems Across 175 Countries Found Exposed Online


November 21, 2024 at 06:11AM

New research reveals over 145,000 internet-exposed Industrial Control Systems (ICS) in 175 countries, with the U.S. having the highest exposure. Key protocols used are outdated, increasing vulnerability. Cyber attacks targeting ICS are rare but rising, necessitating enhanced security measures. The analysis underscores the importance of monitoring and securing critical infrastructure.

**Meeting Takeaways: Internet-Exposed Industrial Control Systems (ICS)**

1. **Wide Exposure**: Over 145,000 internet-exposed ICS identified across 175 countries, with the U.S. having more than one-third of these exposures (over 48,000).

2. **Regional Distribution**:
   - North America: 38% of devices
   - Europe: 35.4%
   - Asia: 22.9%
   - Oceania: 1.7%
   - South America: 1.2%
   - Africa: 0.5%

3. **Common ICS Protocols**: Exposure derived from protocols like Modbus, IEC 60870-5-104, CODESYS, and OPC UA. Notably, some protocols are region-specific (e.g., Modbus popular in Europe, Fox and BACnet in North America).

4. **Malware Threats**: Increase in ICS-targeted malware, especially following geopolitical tensions. The malware FrostyGoop was highlighted for targeting an energy company in Ukraine, capable of disrupting Modbus TCP communications.

5. **Vulnerable Services**: Certain HMI systems are increasingly exposed, predominantly in the U.S., Germany, and Canada, raising security concerns about remote monitoring and access.

6. **Botnet Risks**: Notable botnet malware (Aisuru, Kaiten, Gafgyt) exploiting default OT credentials for DDoS attacks and data wiping, necessitating stringent security measures.

7. **Challenges in Identification**: The lack of identifiable metadata for ICS services complicates the process of notifying device owners about exposures. Cooperation with telecom providers is critical.

8. **Healthcare Implications**: Medical devices (e.g., DICOM systems) are particularly at risk, emphasizing the need for healthcare organizations to strengthen cybersecurity measures through asset identification and continuous monitoring.

9. **Need for Security**: Organizations are urged to secure exposed OT and ICS devices, update default credentials, and monitor networks proactively to mitigate risks associated with cyber threats.

**Action Items**:
- Increase awareness about the specific ICS protocols in use and their regional vulnerabilities.
- Implement security improvements following the latest findings on malware threats.
- Collaborate with ISPs and telecom companies to enhance the identification of exposed ICS devices.
- Prioritize cybersecurity training and resource allocation within healthcare organizations for better protection against emerging threats.
