Hello, welcome to the Thursday, May 13th, 2021 edition of the Sansanet Storms, Stormcast.

My name is Johannes Ulrich.

Entertainment recording from Jacksonville, Florida.

Industrial control systems being connected to the Internet have, of course, been a big topic for a few years now and we have sort of all

these new stories about water plants, for example, getting hacked.

So Jan took a look at some public resources like Shodan to see if there's any improvement

mean a decrease in the number of devices connected to the internet.

Now, many of the attacks, of course, that we have seen are not necessarily against the devices

itself. They're more against business networks or, for example, web applications being used

to manage these devices. Jan actually looked more the device themselves, like, for example,

exposed Modbus port or S7, which are specific protocols that are unique to these industrial devices.

And according to Shodan and Senses, currently there are about 70 to 80,000 devices exposed depending on the source

you are using. Different systems are sensitive for different protocols. For example,

Senses does find a lot more mod bus devices than Shodan.

Now with Shodan, Jan was able to go back to May last year and back then we had about

120,000 devices connected, so this now is down to 80,000 devices, which is certainly heading in the right direction,

but the graph is, well, far from linear, so it's pretty noisy, and while there's a clear

trend, the numbers themselves may be off by quite a bit.

And of course, this is somewhat related to the ransomware attack that led to the shutdown

of the colonial pipeline.

Now, while this appear to be more sort of a traditional IT attack, we do have a special

webcast on Thursday with Tim Conway and Jeff Shearer.

...