Skip to content
SPECIAL

THREATS TO CRITICAL INFRASTRUCTURE IN IRAN CONFLICT

READ MORE

Internet-exposed ICS devices running insecure Modbus leave critical infrastructure open to disruption, Comparitech finds

(Smart Connected Systems Division, NIST)

By Anna Ribeiro

New research from Comparitech underscores how exposed ICS (industrial control systems) continue to present a tangible risk to critical infrastructure, with 179 internet-facing ICS devices identified globally through scans of Modbus, a widely used but inherently insecure protocol. These devices, which communicate over port 502, are embedded in sectors such as power grids, manufacturing and transportation, and their exposure reflects a broader shift toward connectivity without corresponding security controls.

“Malware affecting industrial control systems (ICS) has the potential to disrupt the key industries that underpin modern society,” Justin Schamotta, a researcher at Comparitech, wrote in a Wednesday post. “Variants such as Industroyer, Stuxnet, Havex, Triton and BlackEnergy have demonstrated the ability to interfere with industrial processes, disrupt power supplies, and, in some cases, cause physical damage to critical infrastructure.”

The findings highlight the real-world implications of this exposure. Among the identified systems were devices linked to a national railway network and others tied to power grid infrastructure in both Asia and Europe, where ICS play a central role in monitoring and controlling operations. Such visibility raises operational and safety concerns, as these systems underpin essential services and, if manipulated, could disrupt physical processes or critical service delivery.

Read more at Industrial Cyber

Click to listen highlighted text!