Industrial Control Systems (ICS) are often used to support critical infrastructure around the world but, unfortunately, they were not designed with cybersecurity in mind, and certainly not for the modern IoT-based ecosystem. Recently, many ICS panels for both public and private infrastructure in the US were found to be extremely vulnerable to, and unprotected against, cyberattacks.
Uncovering the truth about vulnerable ICS
Recently, CyberNews researchers found a number of unprotected and accessible Industrial Control Systems across the United States.
- Researchers found that a large number of ICS access points, particularly in the water and energy sectors, are vulnerable to cyberattacks. These vulnerable infrastructures were identified by scanning IP blocks for open ports in the US IP address range as part of an internet mapping project.
- Hackers could misuse search engines dedicated to scanning such open ports, helping them to attack offshore and onshore oil wells, as well as public and private water distribution and treatment systems.
- Any adversary with a specific skill set and a special interest can exploit vulnerable systems to take control of multiple oil silos and coastal oil wells, shut off the water supply, make drinking water unsafe to consume, or damage an entire town’s sewer system, thereby physically affecting thousands.
Recent cyberattacks on ICS systems
There have been several past incidents in which attackers targeted ICS systems by using specific malware or vulnerabilities.
- In July 2020, FortiGuard Labs observed that the EKANS ransomware group targeted ICS systems and a variety of applications by using different methods, including turning the security firewalls off.
- In March 2020, Kwampirs actors infected software supply chain vendors, including products used to manage industrial control system (ICS) assets in global healthcare entities.
State-sponsored actors can use these vulnerable systems to cause untold amounts of damage in the US: to the civilian population, the local economies, and the environment. These types of attacks can cause material losses and production downtime for the whole system.