Authors:
Yixiong Wu
1
;
Jianwei Zhuge
2
;
1
;
Tingting Yin
1
;
Tianyi Li
3
;
Junmin Zhu
4
;
Guannan Guo
5
;
Yue Liu
6
and
Jianju Hu
7
Affiliations:
1
Institute of Network Science and Cyberspace, Tsinghua University, Beijing, China
;
2
Beijing National Research Center for Information Science and Technology, Beijing, China
;
3
Peking University, Beijing, China
;
4
Shanghai Jiao Tong University, Shanghai, China
;
5
School of Computer Science and Technology, University of Science and Technology of China, Hefei, China
;
6
Qi An Xin Technology Research Institute, Beijing, China
;
7
Siemens Ltd., China
Keyword(s):
Internet-facing ICS Devices, Passive Vulnerability Assessment, Device Search Engine.
Abstract:
The number of Internet-facing industrial control system(ICS) devices has risen rapidly due to remote control demand. Going beyond benefits in maintenance, this also exposes the fragile ICS devices to cyber-attackers. To characterize the security status of Internet-facing ICS devices, we analyze the exposed ICS devices and their vulnerabilities. Considering the ethic, we design and implement ICScope, a passive vulnerability assessment system based on device search engines. Firstly, ICScope extracts the ICS device information from the banners returned by multiple search engines. Then, ICScope filters out the possible ICS honeypots to guarantee accuracy. Finally, ICScope associates ICS vulnerabilities with each ICS device. Over the past year, our measurements cover more than 466,000 IPs. We first perform a comprehensive measurement of Internet-facing ICS devices from Dec 2019 to Jan 2020. We find that there are about 49.58% of Internet-facing ICS devices that can be identified are affec
ted by one or more vulnerabilities. We also conduct three times experiments from Jun 2020 to Dec 2020 to monitor the security status of Internet-facing ICS devices. We observe a slowly decreasing trend in the number of vulnerable ICS devices during our experiment period.
(More)