Saturday, December 7, 2024
HomeCyber Attack145,000 ICS Systems, Thousands of HMIs Exposed to Cyber Attacks

145,000 ICS Systems, Thousands of HMIs Exposed to Cyber Attacks

Published on

SIEM as a Service

Critical infrastructure, the lifeblood of modern society, is under increasing threat as a new report from Censys reveals that over 145,000 industrial control system (ICS) devices are exposed to the internet.

Among these, thousands of human-machine interfaces (HMIs) — which allow operators to control critical systems — remain unsecured, leaving them vulnerable to exploitation by malicious actors.

The findings highlight the growing risks to essential services like energy, water, and transportation, where even small disruptions can have far-reaching consequences. 

- Advertisement - SIEM as a Service

The report paints a stark picture of global ICS vulnerabilities. Many HMIs, designed to simplify system management, are accessible online without authentication, offering attackers a direct route into vital operations.

These interfaces bypass the need for specialized knowledge of ICS protocols, enabling attackers to manipulate critical systems with alarming ease.

Leveraging 2024 MITRE ATT&CK Results for SME & MSP Cybersecurity Leaders – Attend Free Webinar

Unsecured ICS Devices Exposed

North America leads the world in ICS exposure, accounting for 38% of global vulnerabilities, with the United States alone hosting over one-third of the exposed devices.

The report also details real-world examples, such as attacks on water systems in Pennsylvania and Texas, where exposed HMIs were exploited to manipulate operations without requiring advanced ICS expertise. 

For years, the focus of ICS cybersecurity has been on safeguarding specialized protocols like Modbus and DNP3.

However, the Censys report underscores a more immediate threat: exposed HMIs and remote access points.

These interfaces often misconfigured and lacking even basic security measures, present low-complexity entry points that attackers can exploit with minimal effort.

Their user-friendly design makes them particularly appealing targets, as they allow direct operational control without the need for deep technical knowledge. 

According to recent research from GreyNoise, a threat intelligence firm that studied internet-connected HMIs during the summer of 2024.

Their findings revealed that such systems are scanned and probed by attackers almost immediately upon being discovered online. In some cases, over 30% of IP addresses scanning these devices were later identified as malicious.

Interestingly, the research found that attackers often targeted remote access protocols like Virtual Network Computing (VNC) rather than ICS-specific protocols, further highlighting the need to secure these entry points. 

The growing exposure of ICS devices is more than a technical issue; it is a societal challenge. Safeguarding critical infrastructure requires immediate attention.

Organizations must conduct thorough inventories of internet-facing systems, secure HMIs with strong authentication and network segmentation, and monitor systems for potential reconnaissance activity.

While protecting ICS protocols remains important, the focus must shift to securing low-hanging vulnerabilities like HMIs and remote access services. 

The vulnerabilities outlined in the Censys report are a wake-up call. If left unaddressed, they could lead to catastrophic consequences for public safety and national security. The time to act is now — securing critical systems and closing exploitable gaps is no longer optional but essential.

Are you from SOC/DFIR Teams? – Analyse Malware & Phishing with ANY.RUN -> Try for Free

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

DaMAgeCard Attack – New SD Card Attack Lets Hackers Directly Access System Memory

Security researchers have identified a significant vulnerability dubbed "DaMAgeCard Attack" in the new SD...

Deloitte Denies Breach, Claims Only Single System Affected

Ransomware group Brain Cipher claimed to have breached Deloitte UK and threatened to publish...

Top Five Industries Most Frequently Targeted by Phishing Attacks

Researchers analyzed phishing attacks from Q3 2023 to Q3 2024 and identified the top...

Russian BlueAlpha APT Exploits Cloudflare Tunnels to Distribute Custom Malware

BlueAlpha, a Russian state-sponsored group, is actively targeting Ukrainian individuals and organizations by using...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

DaMAgeCard Attack – New SD Card Attack Lets Hackers Directly Access System Memory

Security researchers have identified a significant vulnerability dubbed "DaMAgeCard Attack" in the new SD...

Deloitte Denies Breach, Claims Only Single System Affected

Ransomware group Brain Cipher claimed to have breached Deloitte UK and threatened to publish...

Top Five Industries Most Frequently Targeted by Phishing Attacks

Researchers analyzed phishing attacks from Q3 2023 to Q3 2024 and identified the top...