145,000 Industrial Control Systems Vulnerable Worldwide, U.S. Tops List with 48,000 Exposures

November 21, 2024
  • Recent research by Censys reveals that there are over 145,000 internet-exposed industrial control systems (ICS) across 175 countries, with the United States alone accounting for more than 48,000 of these exposures.

  • The distribution of these exposed ICS devices shows that 38% are located in North America, 35% in Europe, and 22% in Asia, highlighting a significant concentration in these regions.

  • Countries with notable ICS exposures include Turkey, South Korea, Italy, Canada, Spain, China, Germany, France, the U.K., Japan, Sweden, Taiwan, Poland, and Lithuania.

  • Threat actors are increasingly targeting critical infrastructure, as evidenced by a recent breach of the Municipal Water Authority of Aliquippa in Pennsylvania, which involved exposed programmable logic controllers (PLCs).

  • In light of rising cyber threats, organizations are urged to secure exposed ICS devices, update default credentials, and monitor for malicious activity, particularly as botnet malware exploits these vulnerabilities.

  • A Kaspersky report indicates that nearly 90% of industrial companies in the UK have experienced cyberattacks, with almost half of these incidents categorized as major disruptions.

  • While cyberattacks on ICS have historically been rare, with only nine malware strains identified, incidents have surged, particularly following the Russo-Ukrainian war.

  • One such strain, FrostyGoop, has been used against an energy company in Ukraine, demonstrating its capability to disrupt the operation of devices that use Modbus TCP.

  • Telemetry data indicates that over 1 million Modbus TCP devices were exposed to the internet in September and October 2024, raising significant security concerns.

  • Human-machine interfaces (HMIs) represent a substantial portion of exposed ICS, with 34% linked to water systems and 23% to agriculture, making them prime targets for cyberattacks.

  • Censys has identified nearly 200 hosts running HMIs associated with vendors restricted under the US National Defense Authorization Act, highlighting security implications related to foreign equipment.

  • Zakir Durumeric, co-founder of Censys, emphasizes the critical need to understand ICS exposure to protect infrastructure, noting that many protocols have not been updated for security since the 1970s.

Summary based on 2 sources

