‘Many industrial control systems can be accessed via the internet’
Security firm Kaspersky warns that it has determined through research that 220,558 industrial control systems can be accessed via the Internet. Of these, at least 17,000 belong to large companies.
Kaspersky writes that the research was conducted on the basis of the search engines Shodan and Censys, with which the Internet can be searched for certain types of devices. The more than 200,000 IC systems are present on approximately 188,000 hosts in 170 different countries, with large numbers in the US and Europe. By looking for devices that by their size or price can only belong to large companies, the company was able to attribute more than 17,000 systems to this group.
Of that group, 91 percent of the systems used insecure protocols, such as http, telnet, Modbus and Siemens S7, according to the researchers. This makes them vulnerable to man-in-the-middle attacks, for example. About 3 percent contain critical vulnerabilities that allow remote code execution. The company states that industrial control systems, commonly used in key sectors such as energy, water supply and transportation, were originally designed for enclosed environments.
In addition, the number of vulnerabilities in IC systems is growing steadily. Between 2010 and 2015, the number of known vulnerabilities grew from 19 to 189. Exploits are available for 26 of the vulnerabilities from 2015, Kaspersky adds. For example, there is a common vulnerability due to pre-programmed login data. An attacker can use it to gain control of a system. Patches are not always released for vulnerabilities found, for example, there is no solution for 15 percent of the leaks found in 2015.
Kaspersky notes that advanced attacks on ics components are not a new phenomenon. It points to the attack on a power plant in Ukraine, which left many people without power. Stuxnet is also an example of advanced malware. This was used to penetrate the Iranian uranium enrichment facility at Natanz. Recently, security company FireEye found a new kind of ics malware that exhibits properties of Stuxnet.