Inside the Growing Number of IIoT Device Attacks

Breaking down these vulnerabilities will be key to prioritizing and optimizing security.

Shankar Somasundaram
Mar 14, 2024

Manufacturers continue ramping up their procurement and deployment of Industrial Internet of Things (IIoT) equipment, sensors, and devices—and with good reason. Successful modernization depends on optimized supply chains, predictive maintenance, streamlined operating expenses, and other IIoT-device-enabling changes that directly affect manufacturers’ bottom lines.

Yet for many, the rush into an IIoT future has left security on the back burner. Even with IT/OT integration projects under way, gaps and unmanaged devices remain, so manufacturers need to understand today’s risk and what to do about it. Understanding the most current IIoT cyberattack pathways—and best practices for reducing risk—is critical for manufacturers to withstand increasing attacks without sacrificing the operational and business gains they’re now achieving.

The Many Faces of IIoT Attacks

Cybersecurity threats are constantly evolving and increasing in sophistication and effectiveness, but the shape of these approaches is nothing new. The bad guys tend to stick with what works, with some new wrinkles.

  • Ransomware. Ransomware offers cyberattackers a 2-for-1 special: they can encrypt data to lock down a manufacturer’s systems until they receive a ransom, and they can threaten to release exfiltrated data on the dark web unless they receive that payoff. Even if a manufacturer’s data backups and recovery strategies are up to the challenge, that second threat still stands.
  • Malware. Malware (call it a cousin of ransomware) enables IIoT infrastructure attackers to run particularly nasty software that collects login credentials or controls IIoT device behavior. Botnet malware can make IIoT devices part of large-scale Denial-of-Service (DoS) attacks. Info-stealer malware enables attackers to collect network authorizations, test for weak passwords to potentially elevate their unauthorized access, and impersonate users to ultimately steal data or damage systems.
  • Eavesdropping. Critically, many IIoT devices deployed by manufacturers don’t include many of the relatively basic security protections found in other enterprise IT devices. These devices do, nevertheless, connect to the internet—allowing for device- and network-level risks of eavesdropping attacks. For example, replay attacks allow attackers to capture legitimate messages from wireless networks and then resend those messages whenever they want. If a factory floor worker sees a legitimate message directing them to re-perform an action, they likely will, which can create havoc. Man-in-the-middle eavesdropping attacks are even more dangerous: in this case, the attacker captures messages between devices before sending them on, and can alter those messages (or send others) as well.
  • SQL Injection. Manufacturers utilize IIoT devices to send valuable data to web applications. Attackers leveraging SQL injection attacks will send a query request to a vulnerable application on an IIoT device, which in turn sends it to the database. The database will then send potentially sensitive data back to the application where it’s received by the attacker.
  • Supply Chain Attacks. IIoT devices lack official security standards, and some even include hardcoded default credentials that attackers can easily exploit. They often don’t receive traditional software and firmware support to patch vulnerabilities, inviting attackers to exploit those avenues of attack or to hijack firmware updates to introduce malware. Attackers can then use that malware to disrupt supply chains, putting manufacturers in a perilous position.
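
The replay and man-in-the-middle cases in the Eavesdropping item come down to messages that carry no proof of origin or freshness. The following is an added example, not code from the article: a receiver that rejects both resent and altered frames by checking an HMAC and a strictly increasing counter. The frame layout, key and device name are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA256 tag size in bytes
HDR_LEN = 9   # 1-byte id length + 8-byte counter


def seal(key: bytes, device_id: str, counter: int, payload: bytes) -> bytes:
    """Sender: bind device id, a strictly increasing counter and the payload under one MAC."""
    ident = device_id.encode()
    body = struct.pack(">BQ", len(ident), counter) + ident + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Receiver:
    """Verifies the MAC first, then requires a counter newer than the last one accepted."""

    def __init__(self, keys: dict):
        self.keys = keys        # device_id -> shared key (assumed provisioned per device)
        self.last_counter = {}  # device_id -> highest counter accepted so far

    def accept(self, frame: bytes):
        """Return the payload if the frame is authentic and fresh, else None."""
        if len(frame) < HDR_LEN + TAG_LEN:
            return None
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        id_len, counter = struct.unpack(">BQ", body[:HDR_LEN])
        device_id = body[HDR_LEN:HDR_LEN + id_len].decode(errors="replace")
        key = self.keys.get(device_id)
        if key is None:
            return None         # unknown sender
        expected = hmac.new(key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None         # altered in transit or forged
        if counter <= self.last_counter.get(device_id, -1):
            return None         # replay of an already accepted message
        self.last_counter[device_id] = counter
        return body[HDR_LEN + id_len:]


def demo():
    key = b"constructed-demo-key-not-for-use"  # constructed sample key
    rx = Receiver({"press-07": key})           # hypothetical device name
    frame = seal(key, "press-07", 1, b"CYCLE_START")
    first, replayed = rx.accept(frame), rx.accept(frame)
    altered = bytearray(seal(key, "press-07", 2, b"CYCLE_START"))
    altered[-TAG_LEN - 1] ^= 0x01              # flip one payload bit in transit
    return first, replayed, rx.accept(bytes(altered))
```

This gives integrity and freshness only; keeping the message contents private from an eavesdropper still requires encryption such as TLS, and the counter must survive device reboots.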

Taming the Untamed

Manufacturers are currently the most targeted industry for IoT attacks, as our recent report uncovered. The industry tends to tick a lot of boxes for attackers:

  • Valuable intellectual property.
  • Proprietary designs.
  • Slow-to-catch-up IIoT security practices.

A holistic IIoT security strategy must address the unique challenges of safeguarding IIoT devices and equipment, as these deployments present an expansive attack surface that will only continue to grow. A better approach to IIoT security begins with identifying all devices, inspecting traffic packets with a passive scanner (since that won’t disrupt IIoT devices), and assessing device vulnerability risks. Running passive packet inspection will profile each unique IIoT device. Security teams can then integrate device profiles with vulnerability scanners, network access control (NAC) tools, and the manufacturer’s configuration management database to arrive at a comprehensive risk score for each device.

This visibility sets the stage for successfully identifying devices with vulnerabilities and prioritizing risk. It’s a crucial but misunderstood point: vulnerabilities are not synonymous with risk.

Manufacturer security teams using IIoT devices will inevitably have finite resources with which to address IIoT device vulnerabilities. Recognizing which vulnerabilities attackers are actually likely to exploit—and that actually represent dangers to operations and safety—helps prioritize and optimize the effectiveness of security efforts. Analyzing device security data, open source software components, the criticality of vulnerabilities, and the most current and popular attack methods will inform this prioritization.
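
To make the "vulnerabilities are not synonymous with risk" point concrete, here is an added example (not from the article or any product) that joins the four data sources named above into a per-device score and compares the result with a ranking by worst CVSS alone. Device names, field layouts and every weight are assumptions chosen for illustration.

```python
# Constructed sample data. Field names, weights and device names are assumptions.
PROFILES = {"plc-line1": "PLC", "cam-dock3": "IP camera", "hmi-lab": "HMI"}  # passive inspection
SCANNER = {  # vulnerability scanner findings per device: (cvss, known_exploited)
    "plc-line1": [(7.5, True)],
    "cam-dock3": [(9.8, False), (9.1, False), (8.8, False)],
    "hmi-lab": [(6.5, False)],
}
NAC = {  # network placement as reported by access control
    "plc-line1": "flat",
    "cam-dock3": "microsegmented",
    "hmi-lab": "internet",
}
CMDB = {"plc-line1": 5, "cam-dock3": 2, "hmi-lab": 3}  # operational criticality, 1-5

EXPOSURE = {"internet": 1.0, "flat": 0.6, "microsegmented": 0.3}


def risk_score(device: str) -> float:
    """Likelihood x exposure x impact, scaled to 0-100."""
    likelihood = max(
        (cvss / 10 * (1.0 if exploited else 0.3) for cvss, exploited in SCANNER.get(device, [])),
        default=0.0,
    )
    exposure = EXPOSURE[NAC[device]]
    impact = CMDB[device] / 5
    return round(100 * likelihood * exposure * impact, 1)


def rank_by_risk() -> list:
    """Devices ordered by the combined score, highest first."""
    return sorted(PROFILES, key=risk_score, reverse=True)


def rank_by_worst_cvss() -> list:
    """Naive ordering by highest CVSS alone, for comparison."""
    return sorted(PROFILES, key=lambda d: max(c for c, _ in SCANNER[d]), reverse=True)


if __name__ == "__main__":
    for dev in rank_by_risk():
        print(f"{dev:10} {PROFILES[dev]:10} risk={risk_score(dev)}")
```

With this sample data the camera carrying three critical-severity findings ranks last, because it is microsegmented and low in criticality, while the PLC with a single actively exploited flaw on a flat network ranks first.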

Where devices are vulnerable and don’t have available patches, manufacturers should put controls in place that nevertheless mitigate risk. This can mean deactivating unneeded services, blocking high-risk services, updating configurations to harden the device, or leveraging microsegmentation (useful when configuration changes would impact device operations).

As an essential practice, manufacturers should introduce continuous monitoring of IIoT devices and networks to recognize anomalous behavior that could signal attack activity—and then integrate that monitoring with detection and response system alerts. Teams should monitor and conduct security analysis on technical forensic data such as server RAM, network device traffic, and FTP server data transfers. Additionally, network packet data capture capabilities make pinpointing the root of an attack that much quicker.
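
A sketch of the monitoring step, as an added example that is not part of the original article: flows learned during passive profiling become a per-device baseline, and live flows are flagged when they reach a peer or port never seen before or move far more data than usual. The flow records, the device names and the factor of 10 are constructed for illustration.

```python
from collections import defaultdict
from statistics import median

# Constructed flow records: (device, peer, dst_port, bytes). All values are sample data.
BASELINE_FLOWS = [
    ("plc-line1", "10.10.1.5", 502, 1200),
    ("plc-line1", "10.10.1.5", 502, 1350),
    ("plc-line1", "10.10.1.5", 502, 1100),
    ("cam-dock3", "10.10.2.9", 554, 90000),
    ("cam-dock3", "10.10.2.9", 554, 88000),
]
LIVE_FLOWS = [
    ("plc-line1", "10.10.1.5", 502, 1250),     # normal polling
    ("plc-line1", "10.10.1.5", 502, 480000),   # known peer, unusual volume
    ("plc-line1", "203.0.113.40", 21, 52000),  # new external peer over FTP
    ("cam-dock3", "10.10.2.9", 554, 91000),    # normal video stream
]


def learn(flows):
    """Build the baseline: typical (median) bytes per (device, peer, port)."""
    sizes = defaultdict(list)
    for device, peer, port, nbytes in flows:
        sizes[(device, peer, port)].append(nbytes)
    return {key: median(values) for key, values in sizes.items()}


def detect(baseline, flows, volume_factor=10):
    """Return alerts for flows outside the learned profile."""
    alerts = []
    for device, peer, port, nbytes in flows:
        typical = baseline.get((device, peer, port))
        if typical is None:
            alerts.append((device, "new-peer-or-port", f"{peer}:{port}"))
        elif nbytes > volume_factor * typical:
            alerts.append((device, "volume-spike", f"{nbytes} bytes vs typical {typical}"))
    return alerts


def run():
    """Learn from the baseline window, then evaluate the live window."""
    return detect(learn(BASELINE_FLOWS), LIVE_FLOWS)
```

In practice the alerts would be forwarded to the detection and response system rather than returned as a list.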

Attackers are increasingly eager to exploit vulnerable IIoT deployments that make it far too easy to cause harm. But by prioritizing IIoT security as much as IIoT adoption—and by understanding and mitigating the most immediate, real, and dangerous risks—manufacturers can assuage security fears while still benefiting from all of IIoT’s modernization advantages.
