Better Safe Than Sorry

Contents

Executive summary
1. Brief history and current risks of internet-exposed OT/ICS
2. The evolution of OT/ICS exposure between 2017 and 2024
3. Revisiting the Unitronics attacks: Israel and the US are not alone nor is it only water
4. Does proactive notification of exposed asset owners help?
5. Further evidence from Project Memoria
6. Conclusions and recommended mitigations

Executive summary

Internet exposure of Operational Technology (OT) and Industrial Control Systems (ICS) continues to be a critical infrastructure security issue despite decades of raising awareness, new regulations and periodic CISA advisories [1,2,3]. Moreover, opportunistic attackers are increasingly abusing this exposure at scale sometimes with a very lax targeting rationale driven by trends, such as current events, copycat behavior or the emergencies found in new, off-the-shelf capabilities or hacking guides. A recent wave of attacks by the Iranian-affiliated Cyber Av3ngers hacktivist group targeted Israeli-made Unitronics Programmable Logic Controllers (PLCs) around the world. One of the attacks occurred at a water utility near Pittsburgh bringing the timeless issue of internet-exposed OT/ICS into the spotlight once more.

Forescout Research Vedere Labs has been tracking internet-exposed OT/ICS data for over seven years. Our research takes a fresh look at the topic by examining the nuanced evolution of exposed OT/ICS data from 2017 to 2024. We identify countries and device types where exposure has been reduced but still poses risk. Then, we analyze details of three recent cases of device exposure beginning with the Unitronics attack wave. Additionally, we discuss our attempts to proactively identify and notify asset owners with exposed Schneider Electri