登录查看更多内容

Trending the Wrong Way!

Fred Gordy

Passionate Building/OT Cybersecurity Practitioner, Speaker, Author, Advisor

发布日期: 2024年6月12日

The manufacturers listed below are obfuscated. However, it is easy enough to use a quick Censys query using "services.service_name=`BACNET`" and run a report breakdown by vendor to figure it out.

This query is NOT for BACnet secure. These are legacy BACnet devices that are exposed directly to the web with a public IP. To access these devices, an attacker can use free, easy-to-use software available on the internet. NO authentication is required to manipulate and potentially cause damage to the device or worse.

The really surprising part... The number has increased from last year by 20%. Given the awareness that this problem has received, this number should be going down.

This is an easy fix with little to no operational impact. We can show you how.

BACnet Devices Directly Exposed to the Internet

Michael Baker International Building Cyber Security Real Estate Cyber Consortium International Society of Automation (ISA) Lucian Niemeyer James Roberts Brian Gearheart Amanda Loeffert Akela Engineering & Consulting

Dylan O’Dell

AVP, Technology Risk Management

9 个月

Hi Fred, thanks for sharing. Have you seen thematic trends for this 20% growth? Example, systems age (EOL and EOS) continues to age therefore data exchange on systems risk increases?

2 次回应

要查看或添加评论，请登录

Fred Gordy的更多文章

The Hidden Risks: Why Exposing TeslaMate to the Web Could Compromise Your Vehicle's Security

2025年3月21日

The Hidden Risks: Why Exposing TeslaMate to the Web Could Compromise Your Vehicle's Security

Is your car exposed directly to the web using third-party software? NOTE: TeslaMate is an independent, open-source…
Urgent Alert: Exposed OT Devices in Airfield Lighting and Obstruction Avoidance Systems Pose Severe Human Safety Risks

2025年3月4日

Urgent Alert: Exposed OT Devices in Airfield Lighting and Obstruction Avoidance Systems Pose Severe Human Safety Risks

Imagine a scenario where an aircraft is approaching for landing at night, but the runway lights suddenly go dark…

5 条评论
How Much Security is Needed for Your Building Control System?

2025年2月24日

How Much Security is Needed for Your Building Control System?

A Simple Guide to Understanding BCS/ISA Security Levels Some are actively trying to figure this out. Others are…

1 条评论
Would You Want to Know if I Found You?

2025年2月11日

Would You Want to Know if I Found You?

What if I told you that your control system devices might be exposed on the web? Would you want to know? The answer…

3 条评论
Smart Buildings Under Siege: Are You Ready for the Siegeware Showdown?

2025年1月24日

Smart Buildings Under Siege: Are You Ready for the Siegeware Showdown?

I have to admit, even though it has been around since 2019, this is a new one for me. However, based on the description…

2 条评论
Shark in the Water - Hunting Building Control Systems

2025年1月20日

Shark in the Water - Hunting Building Control Systems

One Device IP Leads to 199 Devices Across Multiple Sites NOTE: None of the IPs shown in this article are the original…

20 条评论
A Gift to You... Know what you're system is showing the world!

2024年12月20日

A Gift to You... Know what you're system is showing the world!

Cybersecurity is complicated, right? Not really. At least the basics aren't, and I want to help you build your toolbox.

3 条评论
Beyond BACnet: Safeguarding Modbus and Other Building Protocols

2024年11月4日

Beyond BACnet: Safeguarding Modbus and Other Building Protocols

Over the past few years, my focus has been on securing BACnet protocols in building automation systems. BACnet has been…

16 条评论
A Data Grab Results in Disruption to Building Control System

2024年8月7日

A Data Grab Results in Disruption to Building Control System

Attackers manipulated HVAC controls, leading to operational disruptions In August 2020, the UVM Medical Group was…

2 条评论
U.S. critical infrastructure subject to stealth living-off-the-land techniques

2024年8月2日

U.S. critical infrastructure subject to stealth living-off-the-land techniques

If you are not familiar with a "Living-off-the-Land" (LOTL) cyber attack it is a technique where attackers use…

5 条评论

See all articles

Trending the Wrong Way!

Fred Gordy

Passionate Building/OT Cybersecurity Practitioner, Speaker, Author, Advisor

Fred Gordy的更多文章

社区洞察

其他会员也浏览了

New Webinar | Engineering-Grade OT Security: A manager's guide

Welcome to our Monthly Newsletter

Why Operational Technology is Vital to National Security

5 Reasons Why IEC 61850 is Essential for a Modern and Reliable Power Grid

Dual Power Vulnerabilities: Industrial Control Systems Cyber Security

How to Segment Industrial/ Process Control Networks? Part 2/3

OT Cybersecurity Domains & Brands Map

About Federation of Cyber Ranges, Market Places and Technology Innovation

Preventing Eavesdropping Cyberattacks in Manufacturing

Why is OT Security specially treated?

Fred Gordy的更多文章

The Hidden Risks: Why Exposing TeslaMate to the Web Could Compromise Your Vehicle's Security

Urgent Alert: Exposed OT Devices in Airfield Lighting and Obstruction Avoidance Systems Pose Severe Human Safety Risks

How Much Security is Needed for Your Building Control System?

Would You Want to Know if I Found You?

Smart Buildings Under Siege: Are You Ready for the Siegeware Showdown?

Shark in the Water - Hunting Building Control Systems

A Gift to You... Know what you're system is showing the world!

Beyond BACnet: Safeguarding Modbus and Other Building Protocols

A Data Grab Results in Disruption to Building Control System

U.S. critical infrastructure subject to stealth living-off-the-land techniques

社区洞察

其他会员也浏览了

New Webinar | Engineering-Grade OT Security: A manager's guide

Welcome to our Monthly Newsletter

Why Operational Technology is Vital to National Security

5 Reasons Why IEC 61850 is Essential for a Modern and Reliable Power Grid

Dual Power Vulnerabilities: Industrial Control Systems Cyber Security

How to Segment Industrial/ Process Control Networks? Part 2/3

OT Cybersecurity Domains & Brands Map

About Federation of Cyber Ranges, Market Places and Technology Innovation

Preventing Eavesdropping Cyberattacks in Manufacturing

Why is OT Security specially treated?