InfoSecBulletin Cybersecurity for mankind
A study by Censys found that more than 145,000 Industrial Control Systems (ICS) are exposed online in 175 countries, highlighting a significant security risk.
The findings are alarming for the United States, which has over one-third of global exposures (48,000 systems). This shows a pressing need for improved cybersecurity in critical infrastructure. Other countries with significant ICS exposures include Turkey, South Korea, Italy, Canada, and Spain.
Microsoft Patches Four Critical Azure and Power Apps Vulns
Qilin Ransomware topped April 2025 with 45+ data leak disclosures
SonicWall Patches 3 Flaws in SMA 100 Devices
Top Ransomware Actively Attacking Financial Sector: 406 Incidents Disclosed
Critical (CVSS 10) Flaw in Cisco IOS XE WLCs Allows RRA
CVE-2025-29824
Play Ransomware Exploited Windows CVE-2025-29824 as Zero-Day
Hacker exploited Samsung MagicINFO 9 Server RCE flaw
CISA adds Langflow flaw to its KEV catalog
Google Fixes Android Flaw (CVE-2025-27363) Exploited by Attackers
UAP hosted “UAP Cyber Siege 2025”, A national level cybersecurity competition
Regional data highlights the global nature of the problem, with 38% of exposed ICS devices in North America, 35.4% in Europe, and 22.9% in Asia, along with smaller percentages in Oceania, South America, and Africa. This shows that the issue crosses borders and needs a coordinated response from industries and governments.
The research identified several vulnerable protocols in ICS environments, including Modbus, IEC 60870-5-104, CODESYS, and OPC UA. Each protocol can serve as an entry point for attackers, highlighting the need for strong cybersecurity measures.
Regional trends show specific vulnerabilities. In Europe, protocols like Modbus, S7, and IEC 60870-5-104 are common, while North America relies on Fox, BACnet, ATG, and C-more. Protocols such as EIP, FINS, and WDBRPC are used in both regions, indicating a need for shared security solutions.
The consequences of these exposures are serious. ICS devices are essential for critical infrastructure like power grids, water systems, and manufacturing facilities. When inadequately protected online, they risk facing data breaches, operational disruptions, and physical damage.
The differences in exposure across regions highlight the need for specific security approaches. While global cooperation is important, each area’s unique protocols and usage require customized solutions to effectively tackle local risks.
The growing complexity of ICS environments, coupled with the adoption of IIoT technologies, is increasing the potential for attacks. This highlights the urgent need for proactive security measures in industrial systems.
The findings emphasize the urgent need for industries and policymakers to enhance ICS network security to safeguard national economies and public safety.
In summary, the discovery of over 145,000 vulnerable ICS systems worldwide poses a significant challenge in today’s digital age. By recognizing these vulnerabilities, stakeholders can collaborate to strengthen vital infrastructure against cyber threats.
Censys’s study highlights current ICS vulnerabilities and urges industries to implement stricter security measures to protect critical infrastructure.
The Censys study highlights the importance of improving security measures in industries that rely on ICS. The future of critical infrastructure relies on this.
