More ICSes Visible From Web: Report

Friday, February 2, 2018 @ 03:02 PM gHale


Despite an increase in awareness of security issues, the amount of industrial control systems (ICS) now accessible over the Internet increased over the previous year, a new report found.

Using the Shodan, Censys and Google search engines, researchers from Positive Technologies identified 175,632 ICS components accessible from the Web.

RELATED STORIES
Trojan to Ransomware, Attackers Follow Trends
Attacks Continue to Climb Bigtime: Report
With Training, Phishing Attacks Dwindle
HASP System Software Vulnerabilities

Similar researcher conducted the year before found over 162,039 systems.

Of all the systems identified in 2017, 66,587 were accessible via HTTP, followed by the Fox building automation protocol at 39,168.

The highest percentage of exposed devices, at 42 percent, was in the United States, according to the report.

The number of Internet-accessible ICS components in the U.S. increased to 64,287, followed by Germany with 13,242, France with 7,759, Canada with 7,371, Italy with 5,858, and China with 4,285.

The leading industrial systems connected to the Web come from Honeywell with 26,813, Lantronix with 12,120, SMA with 9,399, Beck IPC with 9,362, Siemens with 6,069 and Rockwell Automation 5,594.

The distribution of Internet-exposed components by type has remained largely the same compared to 2016.

Positive Technologies said 197 new vulnerabilities ended up disclosed in 2017, compared to 115 in 2016 and 212 in 2015.

In addition, 61 percent of the flaws made public last year either rated critical or high severity.

The most common types of vulnerabilities were remote code execution at 24 percent, information disclosure at 17 percent, and buffer overflows at 12 percent.

“An increase in the number of known vulnerabilities and Internet-accessible ICS components allows attackers to conduct a wider range of attacks, which can cause very tangible impacts,” researchers said in the report. “Responding to sophisticated attacks on ICS components requires large amounts of preparation and planning. Before the first line of code is ever written, ICS developers must design the security mechanisms necessary to protect ICS components from attacks.”

To identify potential attack vectors and develop an effective protection system, companies should perform regular ICS security audits and deploy industrial cybersecurity incident management solutions.

Observing the following basic security guidelines is a solid way to ensure a degree of:
• Segregate ICS operational networks from the enterprise LAN and external networks
• Limit physical access to ICS networks and components
• Enforce a strict password policy
• Properly configure network equipment and firewall filtering rules
• Protect privileged accounts
• Minimize privileges of users and services
• Use antivirus software
• Regularly install updates to operating systems and applications



Leave a Reply

You must be logged in to post a comment.