The 2024 State of the Internet Report from Censys reveals data of over 145,000 internet-exposed ICS devices globally, with more than one-third located in the U.S. alone. The Censys data suggests an “ecosystem shift” highlighting 2023 as a significant turning point in attacks on ICS infrastructure, and points to the cyber attacks in Aliquippa, Pennsylvania and Muleshoe, Texas that occurred in November, 2023 and January, 2024 respectively. Both attacks were carried out by state-sponsored threat actors (Iran and Russia).

Censys further notes that these attacks were “fundamentally different from attacks of years past. Instead of compromising water facilities through IT networks or using highly specialized malware, these attacks were much simpler to execute: they leveraged Internet-connected HMIs for exploitation over the public Internet.”

Additionally, C-More HMIs were one of over twenty types of HMI software examined by Censys research and made up a portion of the exposed devices. 34 percent of C-More HMIs relate to the water and wastewater sector. Censys noted “over the last year, the water and wastewater sector has increasingly become a target for threat actors. C-More is widely found in the U.S., and our findings suggest that still more work is needed to harden systems in this sector.” Furthermore, PLCHound researchers have shown how the actual number of exposed ICS devices is much larger than previously thought. For more information, visit Industrial Cyber.