UK under threat from exposed industrial systems – Censys

Recent incidents have underscored the vulnerability of critical infrastructure to cyber attacks, specifically targeting water utilities. Censys, a firm specialising in internet intelligence, has released research as part of its 2024 State of the Internet Report, focusing on exposed Industrial Control Systems (ICS) in the United States and the United Kingdom.

Censys’ research highlights the magnitude of ICS exposures, revealing that approximately 1,500 control systems in the UK are accessible via the public internet. Additionally, around 1,700 UK HTTP devices associated with 26 operational technology vendors are publicly accessible, with many likely supporting default credentials. In the US, out of more than 40,000 internet-connected ICS devices excluding known building control protocols, 18,000 were found to be exposed, potentially controlling industrial systems.

"It is imperative that we shed light on the exposure of ICS as they are essential to our critical infrastructure across the globe. The goal for our research was to not only discover the exposed devices but to notify device owners of their improper exposure," said Brad Brooks, CEO of Censys.

The report also delves into recent cyber attacks from groups such as the Iranian Revolutionary Guard Corps-affiliated CyberAv3ngers and the Cyber Army of Russia Reborn. Incidents include the defacement of Israeli-manufactured Unitronics devices and the manipulation of internet-exposed human-machine interfaces (HMIs) that led to overflowing water tanks in Texas.

Censys’ findings underscore the prevalence of publicly accessible devices in both the UK and the US. For instance, in the UK, nearly 50% of the HMIs associated with water and wastewater systems (WWS) identified could be manipulated without any authentication required. More than 80% of administration interfaces discovered pertain to building controls, while over half of the hosts running low-level automation protocols are concentrated in cellular networks and commercial ISPs, which complicates efforts to notify device owners.

Brooks elaborated on the importance of Censys’ research capabilities, stating, "Censys’ comprehensive data set, predictive scan engine, and most up-to-date map of the internet gives us the unique opportunity to see beyond what other vendors in the attack surface management space can. This visibility is why the US government trusts Censys to provide them with the information and solutions needed to protect critical infrastructure across the country."

Censys aims to enhance visibility around the most pressing security issues, including control system exposure, for the cybersecurity community. To further support this, the company recently launched its Community Forum, an online platform for security professionals to discuss topics related to threat hunting and attack surface management.

Part one of the 2024 State of the Internet Report on Industrial Control Systems is now available. The report signals that while the UK remains at high risk of cyber attacks on critical infrastructure, the exposure is considerably less than that observed in the US.