Thousands Of Internet-Connected ICS Devices Exposes Critical Infrastructure To Cyber Attacks

In November 2023, hackers from Iran hacked the Municipal Water Authority of Aliquippa, Pennsylvania. They targeted a vulnerable control system and damaged it with anti-Israel statements.

Two months later, in January 2024, Russians attacked Muleshoe and Abernathy water facilities, causing minor disruptions such as the overflowing of water storage tanks.

These are incidents that reveal how delicate US critical infrastructures are especially when industrial control systems (ICS) and human machine interfaces (HMIs) are exposed.

Cybersecurity experts at Censys recently discovered that thousands of internet-connected ICS devices expose critical infrastructure to cyber-attacks.

This attack consequently calls for improved security measures in the water management systems and other essential utilities nationwide.

Are you from SOC and DFIR Teams? Analyse Malware Incidents & get live Access with ANY.RUN -> Get 14 Days Free Access

Internet-connected ICS Devices Exposed

This analysis of Internet-exposed industrial control systems (ICS) in the United States and the United Kingdom is conducted by focusing on three crucial components, and here below we have mentioned them:-

  • Automation protocols
  • Human-machine interfaces (HMIs)
  • Web administration interfaces

The study examined low-level automation protocols, which enable communication between various ICS components but often lack robust authentication mechanisms. 

It also investigated HMIs, which serve as primary control interfaces for operators and increasingly support remote access, making them potential targets for malicious actors. 

Additionally, the research explored web-based administration interfaces of PLCs, RTUs, and other ICS components, which frequently retain default credentials, posing significant security risks.

HMI for a three-pump system with options to view alarms, controls, and system setpoints (Source – Censys)

The main objective of this all-inclusive evaluation was to determine and describe the digital footprint as well as the attack surface of SCADA systems in critical infrastructure.

This analysis aimed at bringing out the increased risks associated with Internet-connected industrial systems especially on their remote access capabilities and poor security configuration by identifying exposed systems and their vulnerabilities.

Additionally, the findings indicate that there is a pressing need for enhanced cybersecurity measures within critical infrastructures to counter any possible threats from state-sponsored hackers and other malicious actors.

The exposed automation protocols and administration interfaces pose a considerable security risk. This vulnerability can be exploited by the threat actors even with limited knowledge about the system. 

Most of these devices in the United States are on cellular networks or commercial ISPs. Automation protocols hardly ever offer such information, though some interfaces may imply to ownership. 

This lack of information makes it challenging to determine device ownership as well as notify affected parties, leaving many exposures unaddressed.

Download Free Cybersecurity Planning Checklist for SME Leaders (PDF) – Free Download

The post Thousands Of Internet-Connected ICS Devices Exposes Critical Infrastructure To Cyber Attacks appeared first on Cyber Security News.