In the case of the incident involving Berghof PLCs, the security firm's researchers showed that it's easy to identify the internet-exposed PLCs using the Shodan search engine and found that many can likely be accessed using default or common credentials.