March 15, 2017
The United States is home to millions of unsecured and exposed cyber assets. By “unsecured” and “exposed” we don’t necessarily mean that these devices have already been compromised. Rather, this means they are vulnerable to cyber attacks due to inadequate security or poor configuration. Some cyber assets may even have remote access enabled for troubleshooting purposes, but this leaves machines susceptible to attacks.
Scanning the Internet for security flaws on these cyber assets is a tedious process, but it’s necessary if you are looking to fix these said flaws and protect devices and systems from possible compromise. Instead of crawling the Internet for specific terms in websites, we can use tools like Shodan™ to easily search for exposed cyber assets. To those who are unfamiliar with Shodan, it’s an online search engine that indexes cyber assets or Internet-connected devices. Shodan is able to show any connected device’s IP address and reveal other details such as application software and firmware version numbers.
In our own analysis of February 2016 Shodan scan data, we were surprised to see results that were related to several Industrial Control Systems (ICS) device and/or equipment protocols. ICS devices are used to operate industrial and related processes like heating, ventilation, and air-conditioning (HVAC), power generation, water treatment, and the like.