“Swipe Right for Cybercrime: Unmasking the Internet of Targets in Fortune 1000 Companies”

“Welcome to the Internet of Targets! Industrial Control Systems Vulnerability is the hot new trend, with hundreds of thousands of online systems ready for hacker invasions. It’s like a Fortune 1000 company throwing an open house with a sign saying ‘Free stuff inside, no security camera’. Not your grandma’s cookie jar, folks!”

Hot Take:

Well, it seems like the Internet of Things (IoT) is more like the Internet of Targets! A recent report has revealed that hundreds of thousands of industrial control systems are just hanging out online, waiting for hackers to swipe right. It’s like leaving your front door wide open with a sign that says “Free stuff inside, no security camera”. And to top it off, some of these exposed endpoints belong to Fortune 1000 companies. It’s safe to say, we’re not just talking about stealing grandma’s secret cookie recipe here.

Key Points:

  • BitSight’s report reveals that hundreds of thousands of industrial control systems (ICS) are connected to the public internet and easily accessible to hackers.
  • Hackers can probe these endpoints for vulnerabilities and exploit them for significant gain.
  • Many of these exposed endpoints belong to Fortune 1000 companies located in nearly 100 countries, with the largest percentages found in the US, Canada, and Italy.
  • Industries deemed least secure include education, technology, government, and business services, followed by manufacturing, utilities, real estate, energy, hospitality, and finance.
  • This is not a theoretical risk; there have been numerous instances of such attacks in the past, even by state-sponsored threat actors.

Need to know more?

The Unfortunate Open House

BitSight's study involves running mass scans across the IP address space and identifying the systems running at each address. The result? A whopping 100,000 sensors, actuators, switches, building management systems, and automatic tank gauges are all internet-connected and ready to be tampered with. It's like an open house for hackers, but with no cookies and a lot more chaos.

Who's at Risk?

Some of these vulnerable endpoints belong to Fortune 1000 companies, spread across nearly 100 countries. The biggest percentages were found in the US, Canada, and Italy. The industries least secure? Education, technology, government, and business services. So next time you're in a college tech lab, remember—it might be a hacker's paradise.

Not Just Fairy Tales

This isn't just a scary bedtime story for IT professionals. There have been countless examples of threat actors, including state-sponsored ones, exploiting these systems. Just last year, the US government warned critical infrastructure organizations about being targeted with custom-built malware. So, it seems like the boogeyman is real, and he's got a keyboard.

History Repeats Itself

The past has seen similar warnings. Back in 2018, the FBI warned US private sector companies about an ongoing hacking campaign targeting supply chain software providers. The aim? To gain access to the victim's strategic partners and/or customers. It seems hackers have always appreciated the domino effect.

In conclusion, if you're in charge of an Industrial Control System, it might be time to double-check your security measures. Because right now, it seems the Internet isn't just for cat videos and online shopping—it's also a playground for hackers.
