Create a free Manufacturing.net account to continue

Analyzing the Growing Number of IIoT Device Hacks

Breaking down these vulnerabilities will be key to prioritizing and optimizing security.

Shankar Somasundaram
Mar 14, 2024
Io T

Manufacturers continue ramping up their procurement and deployment of Industrial Internet of Things (IIoT) equipment, sensors, and devices—and with good reason. Successful modernization depends on optimized supply chains, predictive maintenance, streamlined operating expenses, and other IIoT-device-enabling changes that directly affect manufacturers’ bottom lines.

Yet for many, the rush into an IIoT future has left security on the back burner. Even with ongoing projects for IT/OT integration, gaps and unmanaged devices remain, causing a need to understand today’s risk and what to do about it. Understanding the most current IIoT cyberattack pathways—and best practices for reducing risk—is critical for manufacturers to withstand increasing attacks without sacrificing the operational and business gains they’re now achieving.

The Many Faces of IIoT Attacks

Cybersecurity threats are constantly evolving and increasing in sophistication and effectiveness, but the shape of these approaches is nothing new. The bad guys tend to stick with what works, with some new wrinkles.

  • Ransomware. Ransomware offers cyberattackers a 2-for-1 special: they can encrypt data to lock down a manufacturer’s systems until they receive a ransom, and they can threaten to release exfiltrated data on the dark web unless they receive that payoff. Even if a manufacturer’s data backups and recovery strategies are up to the challenge, that second threat still stands.
  • Malware. Malware (call it a cousin of ransomware) enables IIoT infrastructure attackers to run particularly nasty software that collects login credentials or controls IIoT device behavior. Botnet malware can make IIoT devices part of large-scale Denial-of-Service (DoS) attacks. Info-stealer malware enables attackers to collect network authorizations, test for weak passwords to potentially elevate their unauthorized access, and impersonate users to ultimately steal data or damage systems.
  • Eavesdropping. Critically, many IIoT devices deployed by manufacturers don’t include many of the relatively basic security protections found in other enterprise IT devices. These devices do, nevertheless, connect to the internet—allowing for device- and network-level risks of eavesdropping attacks. For example, replay attacks allow attackers to capture legitimate messages from wireless networks and then resend those messages whenever they want. If a factory floor worker sees a legitimate message directing them to re-perform an action, they likely will, which can create havoc. Man-in-the-middle eavesdropping attacks are even more dangerous: in this case, the attacker captures messages between devices before sending them on, and can alter those messages (or send others) as well.
  • SQL Injection. Manufacturers utilize IIoT devices to send valuable data to web applications. Attackers leveraging SQL injection attacks will send a query request to a vulnerable application on an IIoT device, which in turn sends it to the database. The database will then send potentially sensitive data back to the application where it’s received by the attacker.
  • Supply Chain Attacks. IIoT devices lack official security standards, and some even include hardcoded default credentials that attackers can easily exploit. They often don’t receive traditional software and firmware support to patch vulnerabilities, inviting attackers to exploit those avenues of attack or to hijack firmware updates to introduce malware. Attackers can then use that malware to disrupt supply chains, putting manufacturers in a perilous position.

Taming the Untamed

Manufacturers are currently the most targeted industry for IoT attacks, as our recent report uncovered. The industry tends to tick a lot of boxes for attackers:

  • Valuable intellectual property.
  • Proprietary designs.
  • Slow-to-catch-up IIoT security practices.

A holistic IIoT security strategy must address the unique challenges of safeguarding IIoT devices and equipment, as these deployments present an expansive attack that will only continue to grow. A better approach to IIoT security begins with identifying all devices, inspecting traffic packets with a passive scanner (since that won’t disrupt IIoT devices), and assessing device vulnerability risks. Running passive packet inspection will profile each unique IIoT device. Security teams can then integrate device profiles with vulnerability scanners, network access control (NAC) tools, and the manufacturer’s configuration management database to arrive at a comprehensive risk score for each device.

This visibility sets the stage for successfully identifying devices with vulnerabilities and prioritizing risk. It’s a crucial but misunderstood point: vulnerabilities are not synonymous with risk.

Manufacturer security teams using IIoT devices will inevitably have finite resources with which to address IIoT device vulnerabilities. Recognizing which vulnerabilities attackers are actually likely to exploit—and that actually represent dangers to operations and safety—helps prioritize and optimize the effectiveness of security efforts. Analyzing device security data, open source software components, the criticality of vulnerabilities, and the most current and popular attack methods will inform this prioritization.

Where devices are vulnerable and don’t have available patches, manufacturers should put controls in place that nevertheless mitigate risk. This can mean deactivating unneeded services, blocking high-risk services, updating configurations to harden the device, or leveraging microsegmentation (useful when configuration changes would impact device operations).

As an essential practice, manufacturers should introduce continuous monitoring of IIoT devices and networks to recognize anomalous behavior that could signal attack activity—and then integrate that monitoring with detection and response system alerts. Teams should monitor and conduct security analysis on technical forensic data such as server RAM, network device traffic, and FTP server data transfers. Additionally, network packet data capture capabilities make pinpointing the root of an attack that much quicker.

Attackers are increasingly eager to exploit vulnerable IIoT deployments that make it far too easy to cause harm. But by prioritizing IIoT security as much as IIoT adoption—and by understanding and mitigating the most immediate, real, and dangerous risks—manufacturers can assuage security fears while still benefiting from all of its modernization advantages.

Latest in Cybersecurity
Specialty Food Producer Achieves Growth and Traceability with MRP Software
Sponsored
Specialty Food Producer Achieves Growth and Traceability with MRP Software
April 5, 2024
Ep90
Security Breach: DMZs, Alarm Floods and Prepping for 'What If?'
April 25, 2024
Fleet Of Fed Ex Delivery Trucks In A Parking Lot 483290419 4500x3000 (1)
Transportation and Logistics Under Siege
April 24, 2024
Industrial Cyber
5G, AI and More Are Changing OT - Why Zero Trust Could Be the Solution
April 24, 2024
Related Stories
Ransomware
Cybersecurity
Report Identifies Hidden Costs, Challenges of Ransomware
Ep90
Cybersecurity
Security Breach: DMZs, Alarm Floods and Prepping for 'What If?'
Fleet Of Fed Ex Delivery Trucks In A Parking Lot 483290419 4500x3000 (1)
Cybersecurity
Transportation and Logistics Under Siege
Specialty Food Producer Achieves Growth and Traceability with MRP Software
Sponsor Content
Specialty Food Producer Achieves Growth and Traceability with MRP Software
More in Cybersecurity
Specialty Food Producer Achieves Growth and Traceability with MRP Software
Sponsored
Specialty Food Producer Achieves Growth and Traceability with MRP Software
Sales Manager Karen Addenbrook: "It has been terrific for our business and made us enormously more efficient."
April 5, 2024
Ep90
Cybersecurity
Security Breach: DMZs, Alarm Floods and Prepping for 'What If?'
The new factors impacting a growing attack surface, and how to evolve your cyber risk strategies.
April 25, 2024
Fleet Of Fed Ex Delivery Trucks In A Parking Lot 483290419 4500x3000 (1)
Cybersecurity
Transportation and Logistics Under Siege
A look at how this vital and increasingly targeted market sector is responding to more cyberattacks.
April 24, 2024
Industrial Cyber
Cybersecurity
5G, AI and More Are Changing OT - Why Zero Trust Could Be the Solution
Maximizing technology investments while maintaining security.
April 24, 2024
Manufacturing Infrastructure Cyber
Cybersecurity
Avoiding Shutdowns from Ransomware Attacks
A strategic approach for protecting OT networks.
April 24, 2024
IEC 62443 is a key standard to reduce risk of cyberattacks in industrial workplaces.
Cybersecurity
How to Build a More Secure Connected World with IEC 62443
The goal is better efficiency, improved sustainability and interoperability, enhanced reliability and greater cost-effectiveness for system integrators, product suppliers and other stakeholders.
April 24, 2024
Ap24114558425503
Cybersecurity
UnitedHealth Says Wide Swath of Patient Files May Have Been Taken in Cyberattack
Screen shots containing protected health information or personally identifiable information were posted.
April 24, 2024
Coding
Cybersecurity
CISA Releases 7 ICS Advisories
Unitronics, Rockwell and Mitsubishi head the list.
April 19, 2024
Financial Cyber
Cybersecurity
Alarming Trends Reinforced in Ransomware Attack of Semiconductor Mfr.
Experts assess the fallout from the Dark Angel attack on Nexperia.
April 19, 2024
Industrial Cyber
Cybersecurity
Hexagon, Dragos Announce Partnership
The team-up looks to "revolutionize OT cybersecurity."
April 18, 2024
Ransomware
Cybersecurity
Report Shows Updated Ransomware Concerns
Hackers are elevating the complexity of their attacks - making them harder to detect.
April 18, 2024
Cybersecurity In A Bubble
Cybersecurity
Responding to Emerging Risks and Attack Vectors
Insight on key hacker strategies, response plans and creating a culture that embraces cybersecurity.
April 18, 2024
Ep89
Cybersecurity
Security Breach: Weaponizing Secure-By-Design
How a greater focus on new and legacy OT connections could alter the cybersecurity battlefield.
April 18, 2024
Ap24107471702533
Cybersecurity
Cyberattack Costs Hit UnitedHealth in Q1 That Still Turns Out Better than Expected
UnitedHealth is still restoring several services from the February attack.
April 16, 2024
Siemens Image 1
Cybersecurity
An Automatic Cyber Response Solution
The platform works to isolate and quarantine the infected production equipment during an attack.
April 11, 2024