登录查看更多内容

Trending the Wrong Way!

Fred Gordy

Passionate Building/OT Cybersecurity Practitioner, Speaker, Author, Advisor

发布日期: 2024年6月12日

The manufacturers listed below are obfuscated. However, it is easy enough to use a quick Censys query using "services.service_name=`BACNET`" and run a report breakdown by vendor to figure it out.

This query is NOT for BACnet secure. These are legacy BACnet devices that are exposed directly to the web with a public IP. To access these devices, an attacker can use free, easy-to-use software available on the internet. NO authentication is required to manipulate and potentially cause damage to the device or worse.

The really surprising part... The number has increased from last year by 20%. Given the awareness that this problem has received, this number should be going down.

This is an easy fix with little to no operational impact. We can show you how.

BACnet Devices Directly Exposed to the Internet

Michael Baker International Building Cyber Security Real Estate Cyber Consortium International Society of Automation (ISA) Lucian Niemeyer James Roberts Brian Gearheart Amanda Loeffert Akela Engineering & Consulting

Dylan MsC, CISM, CISA, CDPSE

AVP Technology, Operational and Compliance Risk

5 个月

Hi Fred, thanks for sharing. Have you seen thematic trends for this 20% growth? Example, systems age (EOL and EOS) continues to age therefore data exchange on systems risk increases?

2 次回应

要查看或添加评论，请登录

Fred Gordy的更多文章

Beyond BACnet: Safeguarding Modbus and Other Building Protocols

2024年11月4日

Beyond BACnet: Safeguarding Modbus and Other Building Protocols

Over the past few years, my focus has been on securing BACnet protocols in building automation systems. BACnet has been…

15 条评论
A Data Grab Results in Disruption to Building Control System

2024年8月7日

A Data Grab Results in Disruption to Building Control System

Attackers manipulated HVAC controls, leading to operational disruptions In August 2020, the UVM Medical Group was…

2 条评论
U.S. critical infrastructure subject to stealth living-off-the-land techniques

2024年8月2日

U.S. critical infrastructure subject to stealth living-off-the-land techniques

If you are not familiar with a "Living-off-the-Land" (LOTL) cyber attack it is a technique where attackers use…

5 条评论
Critical Infrastructure: Implications for Building Owners and Operators

2024年7月9日

Critical Infrastructure: Implications for Building Owners and Operators

Commercial Facilities Sub-Sectors In late 2023 an updated sector structure was presented to the President. These…

7 条评论
??Dark Web Discounts -HaaS (Hacking as a Service)??

2024年7月3日

??Dark Web Discounts -HaaS (Hacking as a Service)??

It's almost time to be off for the 4th and did what most do, catch up. Except my catching up was to see what's up on…
Yeah, Right, Coulda, Woulda, Shoulda

2023年7月10日

Yeah, Right, Coulda, Woulda, Shoulda

An expression of dismissive or disappointment concerning a statement, question, explanation, course of action, or…

1 条评论
Building System Self Assessment

2023年5月30日

Building System Self Assessment

Building Cyber Security (BCS) has been working for several years now on a standard for a commercial real estate (#CRE)…

2 条评论
Basic Building Control System Risk Register

2023年1月23日

Basic Building Control System Risk Register

What Is My Building's Risk Profile? If you've decided to implement a cybersecurity program for your building control…

3 条评论
Building owners & operators, ask yourselves 6 questions. Answer NO to ANY of them, you don't have the fundamentals of building control cybersecurity.

2022年9月29日

Building owners & operators, ask yourselves 6 questions. Answer NO to ANY of them, you don't have the fundamentals of building control cybersecurity.

This list is by no means exhaustive. In fact, there are at least ten more fundamentals you should have in place to…

8 条评论
Do You Really Know What Do When the Unthinkable Happens?

2022年9月21日

Do You Really Know What Do When the Unthinkable Happens?

On September 11, 2001, at 8:00 AM EDT, no one was expecting that the air space over New York City would be invaded not…

See all articles

Trending the Wrong Way!

Fred Gordy

Passionate Building/OT Cybersecurity Practitioner, Speaker, Author, Advisor

Fred Gordy的更多文章

社区洞察

其他会员也浏览了

Emerging Technologies and Cybersecurity: How It Can Secure Your Data

Why Operational Technology is Vital to National Security

Dual Power Vulnerabilities: Industrial Control Systems Cyber Security

How to Segment Industrial/ Process Control Networks? Part 2/3

?? ♀? Potential cyberattacks and their mitigation strategies on OSI layers ??

Preventing Eavesdropping Cyberattacks in Manufacturing

Why is OT Security specially treated?

Bridging the Gap: Cybersecurity Challenges in IT/OT Convergence

TLS/SSL vs. HTTPS: Unraveling the Web’s Security Protocols

Effectively Operating and Protected Plant Without (!) “IT-OT Convergence”

Fred Gordy的更多文章

Beyond BACnet: Safeguarding Modbus and Other Building Protocols

A Data Grab Results in Disruption to Building Control System

U.S. critical infrastructure subject to stealth living-off-the-land techniques

Critical Infrastructure: Implications for Building Owners and Operators

??Dark Web Discounts -HaaS (Hacking as a Service)??

Yeah, Right, Coulda, Woulda, Shoulda

Building System Self Assessment

Basic Building Control System Risk Register

Building owners & operators, ask yourselves 6 questions. Answer NO to ANY of them, you don't have the fundamentals of building control cybersecurity.

Do You Really Know What Do When the Unthinkable Happens?

社区洞察

其他会员也浏览了

Emerging Technologies and Cybersecurity: How It Can Secure Your Data

Why Operational Technology is Vital to National Security

Dual Power Vulnerabilities: Industrial Control Systems Cyber Security

How to Segment Industrial/ Process Control Networks? Part 2/3

?? ♀? Potential cyberattacks and their mitigation strategies on OSI layers ??

Preventing Eavesdropping Cyberattacks in Manufacturing

Why is OT Security specially treated?

Bridging the Gap: Cybersecurity Challenges in IT/OT Convergence

TLS/SSL vs. HTTPS: Unraveling the Web’s Security Protocols

Effectively Operating and Protected Plant Without (!) “IT-OT Convergence”