Cyber Security News

145,000 ICS Systems, Thousands of HMIs Exposed to Cyber Attacks

Critical infrastructure, the lifeblood of modern society, is under increasing threat as a new report from Censys reveals that over 145,000 industrial control system (ICS) devices are exposed to the internet.

Among these, thousands of human-machine interfaces (HMIs) — which allow operators to control critical systems — remain unsecured, leaving them vulnerable to exploitation by malicious actors.

The findings highlight the growing risks to essential services like energy, water, and transportation, where even small disruptions can have far-reaching consequences. 

The report paints a stark picture of global ICS vulnerabilities. Many HMIs, designed to simplify system management, are accessible online without authentication, offering attackers a direct route into vital operations.

These interfaces bypass the need for specialized knowledge of ICS protocols, enabling attackers to manipulate critical systems with alarming ease.

Leveraging 2024 MITRE ATT&CK Results for SME & MSP Cybersecurity Leaders – Attend Free Webinar

Unsecured ICS Devices Exposed

North America leads the world in ICS exposure, accounting for 38% of global vulnerabilities, with the United States alone hosting over one-third of the exposed devices.

The report also details real-world examples, such as attacks on water systems in Pennsylvania and Texas, where exposed HMIs were exploited to manipulate operations without requiring advanced ICS expertise. 

For years, the focus of ICS cybersecurity has been on safeguarding specialized protocols like Modbus and DNP3.

However, the Censys report underscores a more immediate threat: exposed HMIs and remote access points.

These interfaces often misconfigured and lacking even basic security measures, present low-complexity entry points that attackers can exploit with minimal effort.

Their user-friendly design makes them particularly appealing targets, as they allow direct operational control without the need for deep technical knowledge. 

According to recent research from GreyNoise, a threat intelligence firm that studied internet-connected HMIs during the summer of 2024.

Their findings revealed that such systems are scanned and probed by attackers almost immediately upon being discovered online. In some cases, over 30% of IP addresses scanning these devices were later identified as malicious.

Interestingly, the research found that attackers often targeted remote access protocols like Virtual Network Computing (VNC) rather than ICS-specific protocols, further highlighting the need to secure these entry points. 

The growing exposure of ICS devices is more than a technical issue; it is a societal challenge. Safeguarding critical infrastructure requires immediate attention.

Organizations must conduct thorough inventories of internet-facing systems, secure HMIs with strong authentication and network segmentation, and monitor systems for potential reconnaissance activity.

While protecting ICS protocols remains important, the focus must shift to securing low-hanging vulnerabilities like HMIs and remote access services. 

The vulnerabilities outlined in the Censys report are a wake-up call. If left unaddressed, they could lead to catastrophic consequences for public safety and national security. The time to act is now — securing critical systems and closing exploitable gaps is no longer optional but essential.

Are you from SOC/DFIR Teams? – Analyse Malware & Phishing with ANY.RUN -> Try for Free

Divya

Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Recent Posts

Skuld Malware Using Weaponized Windows Utilities Packages To Deliver Malware

Researchers discovered a malware campaign targeting the npm ecosystem, distributing the Skuld info stealer through…

16 hours ago

BellaCiao, A new .NET Malware With Advanced Sophisticated Techniques

An investigation revealed an intrusion in Asia involving the BellaCiao .NET malware, as the initial…

17 hours ago

Malicious Apps On Amazon Appstore Records Screen And Interecpt OTP Verifications

A seemingly benign health app, "BMI CalculationVsn," was found on the Amazon App Store, which…

17 hours ago

Lazarus Hackers Using New VNC Based Malware To Attack Organizations Worldwide

The Lazarus Group has recently employed a sophisticated attack, dubbed "Operation DreamJob," to target employees…

17 hours ago

New Python NodeStealer Attacking Facebook Business To Steal Login Credentials

NodeStealer, initially a JavaScript-based malware, has evolved into a more sophisticated Python-based threat that targets…

17 hours ago

DigiEver IoT Devices Exploited To Deliver Mirai-based Malware

A new Mirai-based botnet, "Hail Cock Botnet," has been exploiting vulnerable IoT devices, including DigiEver…

17 hours ago