Corey Nachreiner, CTO at WatchGuard Technologies, explains how modern hackers can still infiltrate manufacturers through unlikely and outdated technologies.
In 2010, inspectors with the International Atomic Energy Agency visiting the Natanz uranium enrichment plant in Iran noticed that centrifuges used to enrich uranium gas were failing at an unprecedented rate.
The cause at the time was a complete mystery. Five months later, a seemingly unrelated event occurred when a computer security firm in Belarus was called in to fix a series of computers once more in Iran, which were crashing and rebooting repeatedly. Again, the cause was a mystery. Then a handful of malicious files were found on one of the systems - and the world's first digital weapon was discovered.
‘Stuxnet’, as it became known, was unlike any other virus or worm that had appeared before. Rather than simply hijacking targeted computers or stealing information from them, it escaped the digital realm to wreak physical destruction on the actual equipment the computers controlled.
It is now widely recognised that the same hacking process could quite easily be used to target any PLC and software-controlled device on a manufacturer’s floor. With nearly half of UK manufacturing companies just last year falling victim to cybercrime and the number of cyberthreats targeting manufacturers climbing, the sector is one of the top three most targeted by cybercriminals.
Modern manufacturers use a complex combination of systems and platforms of varying ages and degrees of specialisation. This, compounded by both current and lingering issues created by the move over to Industry 4.0, means providing reliable security across all hyperconnected and increasingly complex business networks can be a daunting task for the industry’s IT teams.
According to Verizon’s 2018 Data Breach Investigation Report, 47 per cent of all attacks in manufacturing involved the theft of intellectual property, with 66 per cent of attacks happening from hacking and 34 per cent from malware. The same report also found that external hackers were responsible for 89 percent of the total number of attacks.
This year’s equivalent report reveals that manufacturing has also been experiencing an increase in financially motivated breaches, although espionage is still a strong motivator. Most involved phishing and the use of stolen credentials. The report reveals 68 per cent of motives are financial and 27 per cent are espionage.
From this we can safely assume cyber criminals will leave no hardware unturned when it comes to finding entry points into their targeted networks. They are also acutely aware that many manufacturing companies are also running outdated systems with readily exploitable vulnerabilities or they are moving over to new, more connected technologies such as IoT which often present additional security concerns.
In addition, the back offices of factory and manufacturing facilities are often host to several legitimate, but in all probability neglected, means by which hackers can access computer or network servers. This becomes even more problematic when older appliances and technologies aren’t usually a top security priority and therefore often forgotten, unpatched and therefore left vulnerable.
Obviously, a lack of investment in cybersecurity is one of the biggest risks for manufacturers, but there are still several older technologies which can be found in their facilities from the back office to the factory floor and which should be phased out or at least patched.
The main offenders include, fairly surprisingly, fax machines. According to a Spiceworks poll, 62 percent of companies still used physical fax machines and many of the passwords for them are never updated from the default ones provided when they are acquired. Left unsecured, they present an easy target for cybercriminals hunting for confidential data. Hackers who infiltrate faxes can seize the distribution power to send sensitive fax documents wherever they want, including their own email addresses. Changing passwords, disabling the machine’s remote access or management options or adding a VPN is recommended.
Like faxes, printers are also often overlooked when it comes to changing outdated passwords and hackers, as a result, can create numerous problems from stealing hidden documents to infiltrating an entire IT infrastructure. As well as changing the password, IT teams should determine carefully who is responsible for controlling them and make sure they are all securely connected to the internet. Their software may also need updating regularly so should be patched and if they are replaced every few years, it may be necessary to have a destruction strategy, or at least for the hard drives they contain.
These days, video conferencing systems are frequently used for business meetings and calls but the level of security in these devices can at the same time be pretty low. Cybercriminals can therefore actively look for opportunities to hack the systems connected to public Wi-Fi networks. They are also a prime target for spying on highly confidential conversations and company meetings. Therefore, manufacturing companies are urged to create private networks for conference rooms and only connect them to public ones when absolutely necessary. VPN and additional authentications should also be considered. The rule about changing factory-set passwords is the same here, as it is for any IoT device.
When it comes to actual physical security, such as security cameras and door access systems, it is important to consider who in the company will be responsible for the defensive controls. While we know deficiencies in physical security can affect cyber security, it is recommended penetration tests are undertaken and network controls for detecting and eliminating any weaknesses in them are implemented.
Ventilation, heating and cooling system breaches can also potentially develop into an attack severe enough to cause a company’s entire sales operation to collapse, as starkly illustrated in the Target breach, when the debit and credit card data of 40 million account holders was stolen, including the cards’ magnetic track information which includes the cardholder’s name and card expiration dates.
These systems are often installed by people with limited IT experience, making them a more likely place for hackers to try to find an entry point to a network. Testing IoT devices and sensors before installation, assigning unique passwords, protecting their often web-based management systems and keeping on top of software updates are all important steps for companies to take to prevent compromises.
Overall, simply securing network and computer devices is no longer enough when it comes to bolstering an organisation’s overall security. Having old appliances and technologies may be contributing to the insecurity of its manufacturing network, but it’s also important to be aware that modern cybercriminals are very often wielding a multi-pronged approach when attacking. They will also target employees with social media scams and fraudulent emails and can even resort to searching through the bins for discarded documents which haven’t been shredded. To go forward with a robust security strategy, it is important to have visibility into connected devices, to scan often and keep both old and new ones updated regularly