Trend Micro today released research describing how advanced hackers could leverage unconventional, new attack vectors to sabotage smart manufacturing environments.
For this report, Trend Micro Research worked with Politecnico di Milano in its Industry 4.0 lab, which houses real manufacturing equipment from industry leaders, to demonstrate how malicious threat actors can exploit existing features and security flaws in Industrial IoT (IIoT) environments for espionage of financial gain.
Critical smart manufacturing equipment relies primarily on proprietary systems, however these machines have the computing power of traditional IT systems. They are capable of much more than the purpose for which they are deployed, and attackers are able to exploit this power. The computers primarily use proprietary languages to communicate, but just like with IT threats, the languages can be used to input malicious code, traverse through the network, or steal confidential information without being detected.
Though smart manufacturing systems are designed and deployed to be isolated, this seclusion is eroding as IT and OT converge. Due to the intended separation, there is a significant amount of trust built into the systems and therefore very few integrity checks to keep malicious activity out.
The systems and machines that could be taken advantage of include the manufacturing execution system (MES), human machine interfaces (HMIs), and customizable IIoT devices. These are potential weak links in the security chain and could be exploited in such a way to damage produced goods, cause malfunctions, or alter workflows to manufacture defective products.
The report offers a detailed set of defense and mitigation measures, including:
- Deep packet inspection that supports OT protocols to identify anomalous payloads at the network level
- Integrity checks run regularly on endpoints to identify any altered software components
- Code-signing on IIoT devices to include dependencies such as third-party libraries
- Risk analysis to extend beyond physical safety to automation software
- Full chain of trust for data and software in smart manufacturing environments
- Detection tools to recognize vulnerable/malicious logic for complex manufacturing machines
- Sandboxing and privilege separation for software on industrial machines
To find out more and read the full report, please visit: https://www.trendmicro.com/vinfo/us/security/news/internet-of-things/threats-and-consequences-a-security-analysis-of-smart-manufacturing-systems
Like this:
Like Loading...
Related
This entry was posted on May 11, 2020 at 1:43 pm and is filed under Commentary with tags Trend Micro. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Trend Micro Research Identifies Critical Industry 4.0 Attack Methods
Trend Micro today released research describing how advanced hackers could leverage unconventional, new attack vectors to sabotage smart manufacturing environments.
For this report, Trend Micro Research worked with Politecnico di Milano in its Industry 4.0 lab, which houses real manufacturing equipment from industry leaders, to demonstrate how malicious threat actors can exploit existing features and security flaws in Industrial IoT (IIoT) environments for espionage of financial gain.
Critical smart manufacturing equipment relies primarily on proprietary systems, however these machines have the computing power of traditional IT systems. They are capable of much more than the purpose for which they are deployed, and attackers are able to exploit this power. The computers primarily use proprietary languages to communicate, but just like with IT threats, the languages can be used to input malicious code, traverse through the network, or steal confidential information without being detected.
Though smart manufacturing systems are designed and deployed to be isolated, this seclusion is eroding as IT and OT converge. Due to the intended separation, there is a significant amount of trust built into the systems and therefore very few integrity checks to keep malicious activity out.
The systems and machines that could be taken advantage of include the manufacturing execution system (MES), human machine interfaces (HMIs), and customizable IIoT devices. These are potential weak links in the security chain and could be exploited in such a way to damage produced goods, cause malfunctions, or alter workflows to manufacture defective products.
The report offers a detailed set of defense and mitigation measures, including:
To find out more and read the full report, please visit: https://www.trendmicro.com/vinfo/us/security/news/internet-of-things/threats-and-consequences-a-security-analysis-of-smart-manufacturing-systems
Share this:
Like this:
Related
This entry was posted on May 11, 2020 at 1:43 pm and is filed under Commentary with tags Trend Micro. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.