Global Exposure of 180,000 ICS/OT Devices Raises Safety Concerns

The cybersecurity firm Bitsight has issued a major warning about a rapid increase in critical systems left vulnerable on the public internet. These devices, called Industrial Control Systems and Operational Technology (ICS/OT), are basically the computers that run physical processes like power grids and manufacturing plants.
While these devices are not meant to be easily accessible, Bitsight tracked an alarming jump in their exposure throughout 2024 and shared its findings with Hackread.com.
According to Bitsight’s report, “The Unforgivable Exposure” of ICS/OT, global exposure has risen by around 12% in 2024. The monthly count of exposed devices jumped from approximately 160,000 to a massive 180,000 unique IP addresses. If the current trend holds, the number of exposed critical systems could exceed 200,000 in less than a year.
Unlike typical data breaches, a successful attack on exposed ICS/OT systems has direct, real-world consequences, risking public safety and continuity. The report stresses that the risk is “not theoretical,” with possible outcomes including pumps stalling, lights flickering, or heating turning off.
Compounding the risk, many of these devices are found running unprotected industrial protocols like Modbus and S7, most of which still use factory default settings. The danger is augmented by the fact that many exposed systems contain known vulnerabilities, including extremely severe CVSS 10.0 flaws with “trivial exploit paths.”
Earlier this year, for example, industrial vendor Moxa patched a critical command injection flaw (CVE-2024-9140) in its OT routers, which could have allowed unauthenticated remote attackers to gain full device control. CISA data shows that nearly 30% of publicly documented vulnerabilities in these systems have no patch or update available.
“This signals a clear trend: as the ICS/OT ecosystem continues to modernize, it also inherits all the security debt of legacy software, plus the risk profile of exposed services, with the additional potential for impact on physical safety,” the report reads.
Bitsight’s report reveals that threat actors are actively targeting this vulnerable attack surface. In 2024 alone, two new strains of specialised malware, FrostyGoop and Fuxnet, were discovered, built explicitly to “target and disable devices” using industrial communication rules, or protocols.
Globally, the exposure is unevenly distributed; while the United States has the highest overall number of exposed devices (around 80,000), some countries face a disproportionately higher risk. Italy and Spain particularly show the highest rates when comparing exposure to the number of companies or the total population.
These findings reinforce earlier warnings, such as a separate Censys report from August 2024 that showed over 40,000 exposed ICS devices in the US alone, with nearly half of water and wastewater interfaces susceptible to manipulation without authentication.
This impacts crucial systems like fuel delivery infrastructure, building controls, and water treatment facilities. Bitsight calls this “unforgivable exposure” and urges immediate action from device manufacturers, internet service providers (ISPs), and system operators to remove public access, monitor their networks continuously, and enforce secure settings from the start.
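The report's two monitoring points above, that Modbus traffic should never reach a device from the public internet and that writes should only come from the hosts meant to drive it, can be turned into a simple passive check. The following is an added example, not code from Bitsight or Hackread: it parses Modbus/TCP frames (the MBAP header and function code are from the public Modbus specification) and applies a hypothetical site policy to constructed sample traffic. The OT segment `10.10.0.0/16`, the allowlisted engineering workstation `10.10.5.20`, the PLC address and every sample frame are assumptions made for the demonstration; S7 is not modelled.

```python
import ipaddress
import struct
from dataclasses import dataclass
from typing import List, Optional

# Modbus/TCP function codes (subset, per the Modbus Application Protocol spec).
FUNCTION_NAMES = {
    1: "Read Coils", 2: "Read Discrete Inputs", 3: "Read Holding Registers",
    4: "Read Input Registers", 5: "Write Single Coil", 6: "Write Single Register",
    8: "Diagnostics", 15: "Write Multiple Coils", 16: "Write Multiple Registers",
    23: "Read/Write Multiple Registers", 43: "Encapsulated Interface Transport",
}
# Function codes that change process state; these should only ever come from
# the engineering/HMI hosts that are supposed to drive the device.
WRITE_FUNCTIONS = {5, 6, 15, 16, 23}

# Hypothetical site policy (assumptions, not from the report): the OT segment,
# the only hosts permitted to issue Modbus writes, and the address ranges
# treated as non-public.
OT_NETWORK = ipaddress.ip_network("10.10.0.0/16")
ENGINEERING_HOSTS = {ipaddress.ip_address("10.10.5.20")}
LOCAL_RANGES = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                 "127.0.0.0/8", "169.254.0.0/16")]


@dataclass
class ModbusRequest:
    transaction_id: int
    unit_id: int
    function_code: int
    data: bytes


@dataclass
class Flow:
    """One observed TCP payload: who sent it, to which device and port."""
    src_ip: str
    dst_ip: str
    dst_port: int
    payload: bytes


def parse_modbus_tcp(payload: bytes) -> Optional[ModbusRequest]:
    """Parse a Modbus/TCP ADU: 7-byte MBAP header followed by the PDU.

    MBAP = transaction id (2) | protocol id (2, always 0) | length (2) | unit id (1),
    where length counts the unit id plus the PDU. Returns None if malformed.
    """
    if len(payload) < 8:
        return None
    tid, proto, length, unit = struct.unpack(">HHHB", payload[:7])
    if proto != 0 or length != len(payload) - 6:
        return None
    return ModbusRequest(tid, unit, payload[7], payload[8:])


def is_public(addr: ipaddress.IPv4Address) -> bool:
    return not any(addr in net for net in LOCAL_RANGES)


def assess(flow: Flow) -> List[str]:
    """Return the policy findings for one flow (empty list = nothing to report)."""
    findings: List[str] = []
    if flow.dst_port != 502:          # only Modbus/TCP is modelled here
        return findings
    req = parse_modbus_tcp(flow.payload)
    if req is None:
        findings.append(f"malformed Modbus/TCP frame on port 502 from {flow.src_ip}")
        return findings
    src = ipaddress.ip_address(flow.src_ip)
    name = FUNCTION_NAMES.get(req.function_code, f"FC {req.function_code}")
    if is_public(src):
        findings.append(f"{name} from public address {src}: device {flow.dst_ip} is internet-reachable")
    elif src not in OT_NETWORK:
        findings.append(f"{name} from outside the OT segment ({src})")
    if req.function_code in WRITE_FUNCTIONS and src not in ENGINEERING_HOSTS:
        findings.append(f"write ({name}) to unit {req.unit_id} from non-allowlisted host {src}")
    return findings


# Constructed sample traffic (not a real capture). The PLC is 10.10.7.40.
PLC = "10.10.7.40"
SAMPLE_FLOWS = [
    # Engineering workstation reads 10 holding registers: expected, no findings.
    Flow("10.10.5.20", PLC, 502, b"\x00\x01\x00\x00\x00\x06\x01\x03\x00\x00\x00\x0a"),
    # Public address writes register 0x0010: exposure plus unauthorised write.
    Flow("203.0.113.7", PLC, 502, b"\x00\x02\x00\x00\x00\x06\x01\x06\x00\x10\x00\x01"),
    # Engineering workstation writes 8 coils: allowed by policy.
    Flow("10.10.5.20", PLC, 502, b"\x00\x03\x00\x00\x00\x08\x01\x0f\x00\x00\x00\x08\x01\xff"),
    # Corporate IT host reads coils: not public, but outside the OT segment.
    Flow("192.168.50.9", PLC, 502, b"\x00\x04\x00\x00\x00\x06\x01\x01\x00\x00\x00\x10"),
    # Protocol id 1 is not Modbus: malformed frame on the Modbus port.
    Flow("10.10.5.21", PLC, 502, b"\x00\x05\x00\x01\x00\x06\x01\x03\x00\x00\x00\x0a"),
]


def summarize(flows: List[Flow]) -> List[List[str]]:
    return [assess(f) for f in flows]


if __name__ == "__main__":
    for flow, findings in zip(SAMPLE_FLOWS, summarize(SAMPLE_FLOWS)):
        status = "ok" if not findings else "; ".join(findings)
        print(f"{flow.src_ip:>14} -> {flow.dst_ip}:{flow.dst_port}  {status}")
```

Run as a script it prints one line per sample flow; the second flow produces two findings (a public source and an unauthorised write), the fourth one (a read from outside the OT segment) and the fifth one (malformed frame). Fed with real flows from a span port or a flow exporter, the same policy check gives an operator a continuous answer to the question the report raises: is anything outside the plant network talking Modbus to our devices at all?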
HackRead