Researchers at Censys have expanded their internet scanning capabilities by adding or improving detection for eight different network protocols. These protocols often run quietly in the background and can either serve legitimate functions or be abused by attackers. The goal of these updates is to increase visibility into less-observed services — especially those that could expose remote access tools or industrial control systems (ICS) to misuse.
What’s Been Updated
Censys now includes new or enhanced scanners for the following:
- Cisco Network Spectrum Interface (NSI) – Used for wireless spectrum analysis, NSI can reveal the presence of Cisco wireless infrastructure, especially in large enterprise environments.
- Adobe Flash Socket Policy Server – Although Flash is obsolete, many of these servers still exist online, acting as markers for legacy systems that may be otherwise overlooked.
- Mitsubishi MELSEC PLC Protocol – This protocol is used by Mitsubishi industrial controllers. Detecting exposed instances helps identify ICS devices that might be reachable from the public internet.
- HashiCorp Memberlist Gossip Protocol – Common in distributed systems for maintaining cluster state, exposed instances could reveal internal infrastructure details.
- MikroTik RouterOS Management API – Exposed RouterOS management interfaces indicate network administration services that could be probed or abused if unsecured.
- RustDesk Services – Three scanners target parts of the RustDesk remote desktop software (heartbeat, rendezvous, and relay services). Since RustDesk can be self-hosted, misconfigured servers may act as open relays, exposing remote access infrastructure that attackers could exploit.
Why It Matters
By highlighting these protocols, Censys aims to give security teams and researchers better insight into services that are often hidden from standard internet scans. Some of these, such as PLC protocols used in industrial systems, carry potential physical consequences if compromised. Others, like remote access tools or legacy services, help identify outdated or insecure infrastructure that could be abused.
These protocol fingerprints are now available and can be used in asset discovery, threat hunting, and attack surface assessments to track instances of these services on public-facing networks.
