Trend Micro sheds light on advanced attacks on IIoT environments
Trend Micro has identified specific attacks that exploit existing features and security flaws in Industrial IoT (IIoT) environments for espionage of financial gain.
More specifically, in association with Politecnico di Milano in its Industry 4.0 lab, which houses real manufacturing equipment from industry leaders, Trend Micro has addressed how advanced hackers are able to leverage unconventional, new attack vectors to sabotage smart manufacturing environments.
According to the report titled ‘Threats and Consequences: A Security Analysis of Smart Manufacturing Systems’, critical smart manufacturing equipment relies primarily on proprietary systems, however these machines have the computing power of traditional IT systems.
As they are capable of much more than the purpose for which they are deployed, attackers are able to exploit this power. The computers primarily use proprietary languages to communicate, however, as with IT threats, the languages can be used to input malicious code, traverse through the network, or steal confidential information without being detected, the researchers state.
Though smart manufacturing systems are designed and deployed to be isolated, this seclusion is eroding as IT and OT converge.
Due to the intended separation, there is a significant amount of trust built into the systems and therefore very few integrity checks to keep malicious activity out, Trend Micro states.
As identified by the researchers, the systems and machines that could be taken advantage of include the manufacturing execution system (MES), human machine interfaces (HMIs), and customisable IIoT devices.
These could be exploited in such a way to damage produced goods, cause malfunctions, or alter workflows to manufacture defective products.
Trend Micro vice president of infrastructure strategies Bill Malik says, “Past manufacturing cyber attacks have used traditional malware that can be stopped by regular network and endpoint protection. However, advanced attackers are likely to develop Operational Technology (OT) specific attacks designed to fly under the radar.
"As our research shows, there are multiple vectors now exposed to such threats, which could result in major financial and reputational damage for Industry 4.0 businesses. The answer is IIoT-specific security designed to root out sophisticated, targeted threats."
The report highlights key defense and mitigation measures, including different processes and tools that can be put in place.
For instance, deep packet inspection that supports OT protocols to identify anomalous payloads at the network level, integrity checks run regularly on endpoints to identify any altered software components and code-signing on IIoT devices to include dependencies such as third-party libraries.
Furthermore, the report suggests businesses run risk analysis to extend beyond physical safety to automation software, have a full chain of trust for data and software in smart manufacturing environments, use detection tools to recognise vulnerable/malicious logic for complex manufacturing machines, and implement sandboxing and privilege separation for software on industrial machines.
Giacomo Tavola, contract professor in Design and Management of Production Systems, and Stefano Zanero, associate professor in Advanced Cybersecurity Topics for Politecnico di Milano, comment on the findings.
They write, "Politecnico di Milano is fully committed to supporting Industry 4.0 in addressing crucial aspects related to security and reliability of automated and advanced controls, especially as they gain relevance in all production sectors and increasingly impact business.”