Hackers could target smart manufacturing and other industrial environments with new and unconventional cyber attacks designed to exploit vulnerabilities in ecosystems which are supporting the Industrial Internet of Things (IIoT) according to academics and security company researchers.
Researchers at cybersecurity company Trend Micro and experts at the the Polytechnic University of Milan examined how hackers can exploit security flaws in IIoT equipment to break into networks as a gateway for deploying malware, conducting espionage or even conducting sabotage.
While these networks are supposed to be isolated, often there can be links with the general office systems across an organisation, especially if there isn’t segmentation on the network.
Putting smart manufacturing systems on their own dedicated is common practice, as is treating the ‘like black boxes’ said the report, in the sense that it is assumed that nobody will ever be able to compromise them. However, increasingly vendors are pushing for wireless networks on the factory floor, with things such as industrial robots directly connected to them.
Performing tests against real industrial equipment in the safety of the University of Milan’s Industry 4.0 lab, researchers uncovered a number of ways attackers could exploit vulnerabilities to gain access to smart manufacturing environments.
One example of this came when it was discovered there were vulnerabilities in a particular application which is used to help design and build robots and other autonomous systems, enabling attackers with access to the development network to install unverified add-ins.
These could be used to monitor the entire development process – and providing the attackers with the means to gain access to and control the network a smart device is run on, jumping from the device to other systems and a potential means of espionage.
Fortunately, researchers have already been in touch with the application providers behind software vulnerabilities were found in and this particular loophole has been closed.
But that wasn’t the only method researchers found they could exploit to gain access to smart networks by modifying an IIoT device to such an extent they can exploit it to control or modify how an operational environment works. Attackers would likely gain access to it via a vulnerability in the software supply chain of the device, perhaps in the method described above.
This is particularly concerning when it comes to sensors and monitoring systems, which depending on the circumstances can do everything from providing alerts on when maintenance is needed, to actively controlling anything from the temperature of an environment to physical systems.
But with access to such systems, an attacker could alter readings on the network, so as to not give away that any suspicious activity is happening, even if they are making adjustments to functionality.
Alternatively, attackers could be much much less subtle, either by using a network of trojanized devices to take down a network in a DDoS attack, or by controlling devices which set off alarms or do other highly noticeable activities. Other potential ways onto these networks include compromised workstations or the app stores that are now being developed to offer add-ons for industrial systems.
All of these scenarios serve as an active reminder that if not properly managed, cyber physical systems can be compromised and exploited in a variety of ways.
“Attackers are not sitting back and hoping for a high-profile, vulnerable smart manufacturing system to pop up on search engines like Shodan, ready for them to attack. We believe that unconventional attack vectors such as the ones we explore are more likely for an advanced attacker profile. This possibility is increased by the fact that smart manufacturing systems, while made of hardware, live in an ecosystem with an intricate net of interdependencies,” the report said.
“Past manufacturing cyber attacks have used traditional malware that can be stopped by regular network and endpoint protection. However, advanced attackers are likely to develop operational technology specific attacks designed to fly under the radar,” said Bill Malik, vice president of infrastructure strategies for Trend Micro.
However, there are ways to help protect smart industrial systems from being compromised. Where possible, IioT systems should be completely segmented from the rest of the network, however, this can’t always be the case.
Therefore, organisations should run regularly integrity checks on devices on the network in an effort to spot any altered software – and then replace it if that’s the case.
Large organisations could also play a role in monitoring the security of their supply chain in order to ensure that vulnerabilities don’t enter the ecosystem before they’ve reached their own environment.
