
50,000 industrial control systems are vulnerable within Europe

Hackers have it easy

Hackers of industrial infrastructure have plenty of targets to aim at. Research shows that 50,000 ICS services are exposed within Europe and 145,000 worldwide.

Industrial Control Systems (ICS) protocols often date back to the 1970s, ancient history by IT standards. They lack basic security necessities such as TLS and authentication. Nevertheless, they are connected to the Internet, mostly because they need to be controlled remotely. Examples include systems within sewage facilities, water treatment, agricultural equipment and factories. Censys research shows the scale of the problem, on top of the evidence the real world has already presented over the past few years.

Russian attacks

Attacking ICS infrastructure in the first place requires a great deal of knowledge about the specific equipment. The expertise required also varies enormously depending on the continent: whereas ICS protocols Modbus and Siemens S7 are common in Europe, FOX is by far the most prevalent in the US. The latter is used for automation within buildings, such as to open doors based on another sensor and to control HVAC.

A report by the U.S. government Cyber Threat Intelligence Integration Center shows the current threat level. A Russian attack flooded a water facility in tiny Muleshoe, Texas, thankfully with no direct damage or injury. However, it can be seen as a clear proof-of-concept for much larger disruptions to infrastructure within the nation, as the compromised infrastructure is largely identical elsewhere. In addition, an attempted poisoning of Florida’s water supply in 2021 was prevented by an engineer simply being there to see the malicious act going on in real time. Such incidents did have major consequences elsewhere: in Ukraine, Russian hackers took down much of the power grid near Kyiv back in 2016. This was done via the so-called Industroyer, the “biggest malware threat to critical infrastructure since Stuxnet,” as ESET has described it.

HMI aid

As mentioned, ICS attacks are difficult to execute. They require detailed knowledge of exactly how the protocol in question works. Also, attackers often don’t even know what a particular device is doing, as metadata is usually lacking about the 5G networks that use that infrastructure. But an HMI (Human Machine Interface) can come to their rescue.

HMIs are graphical interfaces that are designed to be user-friendly for operators. However, even these are often exposed to the Internet without the proper level of protection, Censys concludes. They are far more commonly deployed in North America than elsewhere (69.4 percent, versus 26.9 percent for runner-up Europe). The aforementioned ease of use benefits attackers as much as operators: an attacker can tamper with a system with just a few clicks.

Telcos in particular use HMIs. Verizon stands out the most, with more than 3,000 CELLCO-PART hosts online. Again, these systems do not run in the cloud, but on a hodgepodge of 4G/5G and local corporate networks. Censys notes that this again leads to a lack of metadata. Who exactly owns an HMI can often remain unclear, which one might see as security through obscurity, a much-maligned method of protection.

Still modern protection

The researchers recommend providing these ancient protocols with a modern layer of protection. A comprehensive inventory of the ICS-controlled devices is important, as is the prevention of a direct online connection and the use of credentials that aren’t just the default or easy to guess. Needless to say, this increases the complexity of the job for industrial engineers, but also for attackers.
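The three recommendations above (inventory, no direct online connection, no default credentials) can be checked against an operator's own asset records. The following is an added example, not code from Censys or the article: the inventory format, host names, addresses and observed-listener list are constructed, and the port numbers are the commonly used defaults for the named protocols, which the article itself does not give.

```python
import ipaddress

# Commonly used default TCP ports for the protocols named in the article
# (assumption: the article lists the protocols, not the ports).
ICS_PORTS = {502: "Modbus", 102: "Siemens S7", 1911: "Fox"}

# Address space the operator treats as internal (RFC 1918 ranges).
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample inventory; 203.0.113.0/24 is a documentation range.
INVENTORY = [
    {"name": "pump-plc-1", "ip": "10.20.0.11", "port": 502, "default_creds": False},
    {"name": "line-plc-7", "ip": "203.0.113.40", "port": 102, "default_creds": False},
    {"name": "hvac-ctrl", "ip": "10.30.0.5", "port": 1911, "default_creds": True},
]
# Constructed (ip, port) listeners reported by an internal network sensor.
OBSERVED = [("10.20.0.11", 502), ("203.0.113.40", 102),
            ("10.30.0.5", 1911), ("10.20.0.99", 502)]


def is_internal(ip):
    """True when the address falls inside one of the internal ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def audit(inventory, observed):
    """Return (subject, issue) pairs for the three recommended controls."""
    findings = []
    known = {(a["ip"], a["port"]) for a in inventory}
    for a in inventory:
        proto = ICS_PORTS.get(a["port"], "unknown")
        if not is_internal(a["ip"]):
            findings.append((a["name"], f"{proto} service on a non-internal address"))
        if a["default_creds"]:
            findings.append((a["name"], "default credentials still set"))
    # Anything speaking an ICS protocol that the inventory does not list.
    for ip, port in observed:
        if port in ICS_PORTS and (ip, port) not in known:
            findings.append((ip, f"{ICS_PORTS[port]} listener missing from inventory"))
    return findings


if __name__ == "__main__":
    for subject, issue in audit(INVENTORY, OBSERVED):
        print(f"{subject}: {issue}")
```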
