Censys Releases Final Part Of The 2024 State Of The Internet Report: Industrial Control Systems

(MENAFN- PR Newswire)

Identifies over 145,000 exposed Industrial Control Systems (ICS) services worldwide

ANN ARBOR, Mich., Nov. 21, 2024 /PRNewswire/ -- Today, Censys , who provides the leading Internet Intelligence platform for Threat Hunting and Attack Surface Management (ASM), published the second half of its annual State of the Internet Report focusing on Internet-exposed Industrial Control Systems (ICS). Following the launch of part one in August 2024 , this next phase of the report focuses on ICS protocols being leveraged by ICS-specific malware variants and human-machine interfaces (HMI), often used as a point of entry for many threat actors.

Censys identifies over 145,000 exposed Industrial Control Systems (ICS) services worldwide

In its research, Censys found over 145,000 exposed ICS services worldwide, with more than 48,000 located in the U.S. alone. Censys investigated the exposure landscape to help the cybersecurity community better understand the true attack surface of ICS around the world and how to best protect it.

Attacks using ICS protocols are less common and require specialized knowledge and understanding of such environments. Censys recognizes that in order to protect real-world control systems, it is essential for security teams to understand and assess the exposure of these protocols and HMIs, which constitute an often overlooked yet vital component of the security ecosystem. With Censys' comprehensive internet visibility, it was able to identify:

• Of the 145,000 ICS services exposed globally, 38% of devices were located in North America, 35% in Europe, and 22% in Asia
  
• Attack surfaces are regionally unique: Modbus, S7, and IEC 60870-5-104 are more widely observed in Europe, while Fox, BACnet, ATG, and C-More are more commonly found in North America
  
• 34% of C-More human-machine interfaces (HMIs) are water and wastewater related, while 23% are associated with agricultural processes
  
• Nearly 200 hosts running HMIs also run products from vendors explicitly prohibited by the S Defense Authorization Act (NDAA) Section 889
  
• Most observed ICS services and HMIs run on mobile or consumer and business-grade internet service providers (ISPs). Given the often remote nature of industrial facilities, a wired Internet connection may not be readily available

"Many of these protocols can be dated back to the 1970s but remain foundational to industrial processes without the same security improvements the rest of the world has seen. The security of ICS devices is a critical element in protecting a country's critical infrastructure. To protect it, we must understand the nuances of how these devices are exposed and vulnerable," said Zakir Durumeric, Co-Founder and Chief Scientist at Censys. "Censys' unmatched visibility into the internet makes us the only company to not only see the full extent of critical infrastructure exposure but to drive its remediation with government and commercial partners."

ICS security is consistently a focus of the cybersecurity and public sector community as its impact is far greater than many expect. As the industry continues to combat ICS-based attacks, it is critical now more than ever to understand the full ecosystem and every component of it.

To read part two of Censys' State of the Internet: Industrial Control Systems report, click here:

To learn more about the report, register for this informational webinar:

About Censys
Censys, Inc is the leading Internet Intelligence Platform for Threat Hunting and Attack Surface Management. Founded in 2017 in Ann Arbor, Michigan, Censys provides organizations with the most comprehensive real-time view of Internet infrastructure. Customers like Google, Cisco, Microsoft, Samsung, Swiss Armed Forces, the U.S. Department of Homeland Security, Cybersecurity & Infrastructure Security Agency, and over 50% of the Fortune 500 rely on Censys for a real-time, contextualized view into their internet and cloud assets. At Censys, you can be yourself. We like it that way. Diversity fuels our mission, and we are committed to inclusion across race, gender, age and identity. To learn more, visit censys and follow Censys on Twitter, Mastodon and LinkedIn.

SOURCE Censys

MENAFN21112024003732001241ID1108910238