
A recent report from cybersecurity firm Bitsight has revealed a troubling increase in the exposure of critical systems on the public internet, with an estimated 180,000 Industrial Control Systems and Operational Technology (ICS/OT) devices now vulnerable to potential attacks. These systems play a vital role in managing essential infrastructure such as power grids and manufacturing facilities. In 2024, the global exposure of these devices rose by approximately 12%, according to the report titled “The Unforgivable Exposure,” shared with Hackread.com.
The monthly count of exposed ICS/OT devices has surged from around 160,000 to an alarming 180,000 unique IP addresses. If this trend continues, the figure could exceed 200,000 within the year. The implications of this increase are significant, as successful intrusions on these systems can lead to direct, real-world consequences affecting public safety.
Real-World Risks and Vulnerabilities
The risks associated with exposed ICS/OT devices extend beyond typical data breaches. The report indicates that an attack could result in serious disruptions, including malfunctioning pumps, flickering lights, and heating failures. Many of these devices operate on outdated, unprotected industrial protocols such as Modbus and S7, often retaining factory default settings that pose serious security risks.
Furthermore, a substantial number of these exposed systems contain known vulnerabilities. For instance, earlier this year, industrial vendor Moxa addressed a critical command injection flaw (CVE-2024-9140) within its OT routers. This flaw had the potential to allow unauthenticated remote attackers to seize complete control of the devices. According to data from the Cybersecurity and Infrastructure Security Agency (CISA), nearly 30% of publicly documented vulnerabilities in these systems lack available patches or updates.
Bitsight’s report underscores a growing concern about how the ICS/OT ecosystem is evolving. The report states, “This signals a clear trend: as the ICS/OT ecosystem continues to modernize, it also inherits all the security debt of legacy software, plus the risk profile of exposed services, with the additional potential for impact on physical safety.”
Emerging Malware and Regional Vulnerabilities
The findings also indicate that malicious actors are increasingly targeting this vulnerable landscape. In 2024, two new strains of malware, FrostyGoop and Fuxnet, were identified; both were specifically designed to exploit industrial communication protocols and disable devices.
Geographically, the exposure of these devices is uneven. The United States leads with approximately 80,000 exposed ICS/OT devices. However, Italy and Spain show alarming rates of exposure relative to their populations and number of companies. This disparity highlights the urgent need for proactive measures to secure these critical systems.
A separate report by Censys in August 2024 corroborated these findings, revealing that over 40,000 ICS devices in the United States are exposed, with nearly half of water and wastewater interfaces vulnerable to unauthorized manipulation. Such vulnerabilities threaten essential services, including fuel delivery systems and water treatment facilities.
Bitsight characterizes this state of exposure as “unforgivable” and calls for immediate action from device manufacturers, internet service providers, and system operators. The report emphasizes the need to eliminate public access, continuously monitor networks, and enforce secure configurations from the outset to mitigate these risks.