Despite large scale security measures implemented globally thousands of unsecured SCADA systems have been discovered by security researchers in Finland. Testing last January revealed 2, 915 exposed systems running operations such as building automation, transport and water supply. Researchers from Aalto University looked at responses from 185,000 Finnish IP addresses that hosted HTTP servers. They used a freely available IP discovery tool called “Shodan“.
Researchers found exposed building automation systems including a bank, a hospital, a wind turbine, office blocks and residential towers. Many of these had administrative interfaces open to the Internet without credentials.
When the university conducted the test in March, unbelievably they found out a huge number of systems have been removed from the Internet, although 1,969 of the systems were still available. Research assistant Seppo Tillkainen confessed there could be many problems at large or might be hiding because 30 percent of the Finnish IP address space is still not traced by Shodan.
Tiro Security is a leading provider of Penetration Testing in Los Angeles. With over 25 years of information security experience in-house we’ll find the holes before the hackers do.