
Some of the most critical national infrastructure, including power grids and railway networks, has exposed industrial control systems (ICS), according to a new study.
- Researchers found 179 internet-exposed Modbus ICS devices in 20 countries, including systems tied to national rail and power grids.
- Modbus’s lack of encryption and authentication may allow even low-skilled attackers to tamper with critical controllers and meters.
- Potentially exposed devices from major vendors such as Schneider and ABB run core functions, including logic control and power logging, raising operational and safety concerns.
Researchers at Comparitech found 179 suspected industrial control devices spread across 20 countries responding on port 502, the default port used by the Modbus protocol.
Modbus enables the sensors and controllers used in power grids, factories, and other industrial systems to communicate with each other.
However, the decades-old protocol lacks encryption and doesn’t require authentication, meaning anyone online can see or interact with the devices running it.
“From an attacker’s perspective, devices running protocols like Modbus (as well as DNP3, or BACnet) are particularly vulnerable because they were designed for closed networks and often lack built-in authentication or encryption,” Comparitech said in its report.
With the ICS market projected to more than double to over $504 billion by 2033, the exposed devices can present a “significant cybersecurity challenge” as networks expand.
Critical infrastructure at risk
Cybersecurity experts warned that internet-exposed critical infrastructure devices can be exploited by attackers even with limited technical expertise.
“This is particularly concerning given some ICS devices’ critical role in economic activity and essential infrastructure,” they said.
Comparitech found that the United States had the most exposed industrial control devices at 57, followed by Sweden, at 22, and Turkey, at 19.
Of those, one device was identified as part of a national railway network, but the researchers did not name it. The exposure could pose a “serious operational and safety” risk, as railways use ICS devices for everything from train routing to signaling.
Two other potentially exposed devices – one in Asia, and one in Europe – formed part of their respective countries’ national power grid infrastructure, according to researchers.
“Without proper safeguards such as firewalls, VPNs, network segmentation, and secure authentication, internet-exposed ICS devices make easy targets,” the report said.
What devices were exposed?
The majority of reviewed devices conceal their manufacturer identity, making it harder to assess the true scale of the risk, according to researchers.
Of those that advertised their manufacturer – 58 in total – most were Schneider (22 instances), followed by Data Electronics (14), and ABB Stotz-Kontakt (6). Others mentioned included Abelko Innovation, Reonix Automation, and Siemens.
“Even if a device isn’t obviously linked to a particular manufacturer, attackers may make an educated guess as to what its registers relate to, particularly if they monitor how they change over time,” the researchers explained.
“Because Modbus doesn’t require authentication, an attacker could potentially write to, as well as read from, the holding registers. Even minor unauthorized changes could disrupt the system that depends on the device’s readings.”
Exposed devices included logic controllers, energy meters, data loggers, processor modules, and voltage and power loggers.
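The researchers’ point that an unauthenticated Modbus endpoint accepts writes as readily as reads is something a network defender can watch for directly. The following is an added example, not code from Comparitech or the article: it decodes Modbus/TCP requests seen on port 502, separates write function codes (coil and holding-register writes) from read-only ones, and raises an alert when a write comes from a host outside an allowlist of known SCADA/HMI systems. The flows, IP addresses and allowlist are constructed for the demonstration.

```python
import struct
from ipaddress import ip_address

# Modbus function codes that change controller state versus read-only ones.
WRITE_CODES = {0x05: "Write Single Coil", 0x06: "Write Single Register",
               0x0F: "Write Multiple Coils", 0x10: "Write Multiple Registers"}
READ_CODES = {0x01: "Read Coils", 0x02: "Read Discrete Inputs",
              0x03: "Read Holding Registers", 0x04: "Read Input Registers"}

def parse_modbus_tcp(frame: bytes):
    """Decode a Modbus/TCP request: 7-byte MBAP header, then function code and
    start address. Returns (transaction_id, unit_id, function_code, address)."""
    if len(frame) < 10:
        raise ValueError("frame too short for MBAP header, function code and address")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError(f"unexpected protocol id {proto}")
    if length != len(frame) - 6:  # length field counts unit id plus PDU bytes
        raise ValueError("MBAP length field does not match frame size")
    fc = frame[7]
    if fc not in WRITE_CODES and fc not in READ_CODES:
        raise ValueError(f"unsupported function code 0x{fc:02x}")
    (address,) = struct.unpack(">H", frame[8:10])
    return tid, unit, fc, address

def flag_unauthorized_writes(flows, allowed_sources):
    """flows: (src_ip, dst_port, payload) tuples. Returns one alert per write
    request on port 502 whose source is not an allowlisted SCADA/HMI host."""
    allowed = {ip_address(a) for a in allowed_sources}
    alerts = []
    for src, dport, frame in flows:
        if dport != 502:
            continue
        try:
            _, unit, fc, address = parse_modbus_tcp(frame)
        except ValueError:
            continue  # malformed or unsupported PDU; out of scope for this check
        if fc in WRITE_CODES and ip_address(src) not in allowed:
            alerts.append((src, unit, WRITE_CODES[fc], address))
    return alerts

# Constructed sample flows (hypothetical addresses, not real captures).
ALLOWED_SCADA_HOSTS = ["10.0.5.20"]
SAMPLE_FLOWS = [
    ("10.0.5.20", 502, bytes.fromhex("00010000000601030000000a")),  # read 10 holding regs
    ("10.0.5.20", 502, bytes.fromhex("000200000006010600051234")),  # write from allowed host
    ("203.0.113.7", 502, bytes.fromhex("00030000000b0110001000020400010002")),  # external write
    ("198.51.100.9", 502, bytes.fromhex("000400000006010600050000")),  # external write
    ("203.0.113.7", 502, bytes.fromhex("00050000000901030000000a")),  # bad length, skipped
]
```

The check surfaces writes that reach a controller; the actual mitigation is the firewalling, VPN access and segmentation the report names, so that port 502 is never reachable from outside the control network in the first place.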