Manufacturers: Hackers Ultimately Aim to Control Your Shop Floor

Neither anti-virus programs nor firewalls are effective at constantly blocking common attacks on the manufacturing industry, says Gerhard Conradie, MD of Evolv Networks.

The manufacturing sector is one of the most frequently targeted industries, highlighted by IBM X-Force Threat Intelligence Index 2018.

“Manufacturers experienced 13% of the security incidents in 2017 and slightly more attacks than the number-one targeted industry: financial services.

“And nearly 30% of all network attacks in this sector involved SQLi tactics, many of which could be avoided with better security assessments and controls.”

SQL Injection Tactics

Structured query language (SQL) is used to query, operate and administer database systems such as Microsoft SQL Server, Oracle, or MySQL. An SQL injection exploits a Web app vulnerability, a hacking technique that has been in play for more than 15 years and that is still causing havoc today.

The SQL injection allows a hacker access to the full back-end of the database where they can then take or manipulate any of the data. The attacker deceives the SQL interpreter, so it can no longer differentiate between the attacker’s commands and legitimate commands.

The SQL interpreter therefore executes the commands and the attacker gains access to change, create, read or delete critical data. Security breach ramifications range from an authentication bypass to information disclosure and the spreading of malicious code to all application users.

Common Entry Points for SQL Injection Attacks:

  • Login forms
  • Support requests
  • Sign up forms
  • Contact forms
  • Feedback fields
  • Shopping carts
  • Site searches

The challenge is that neither anti-virus programs nor firewalls are effective at constantly blocking these common attacks.

Therefore, the best solution for SQL hacker tactics is prevention, far simpler and cheaper than recovering after disaster has struck.

  • Regularly update and patch servers and applications. Multi-platform server and desktop-focused patching manages the overall server life cycle for Microsoft and third-party products, as opposed to endpoints only.
  • Cyber hackers are actually banking on manufacturers running outdated SQL servers. (Support for SQL Server 2005 ended in April 2016 and manufacturing companies still running SQL 2005 potentially face serious security vulnerabilities if they don’t upgrade.)
  • Implement rule-based authentication. (One of the many SQL injection uses involves bypassing an application login process.)
  • Eliminate the use of general system administrator accounts; they are easy to hack.
  • Regularly change the passwords of application accounts into the database.

Machine control software penetration

Once the IT network of a manufacturing company is infiltrated, hackers can get access to software that controls machines, exploits a vulnerability remotely and downloads a tampered configuration file.

The smallest variance in the execution of operational technology can cause manufacturing disruptions. This leads to defective products resulting in recalls and reputational losses, production downtime, physical damage, injuries and even deaths.

A typical manufacturing company’s IT infrastructure is intricate at best, but in general, there are three main systems involved in the production process:

  • PLM (product life cycle management) system: the process for creating and managing the entire life cycle of a product.
  • ERP (enterprise resource planning) system: controlling process performance such as planning, purchasing, inventory, sales, marketing, finance and managing human resources within a company.
  • MES (manufacturing execution system): executing effective control over the manufacturing operations.

Conradie points out that your vulnerabilities can be approached by cyber criminals in stages, starting from one of the numerous business applications exposed to the Internet and then working towards the ultimate aim of controlling the shop floor. Once a hacker breaches a network, he gains unrestrained access to all manufacturing controllers and their configurations.

Your defence strategy

  • Identify all your assets to understand where threats are likely to come from, with the help of penetration testing and security assessment services. Don’t forget to take into account internal and external connections between systems. Determine what security tools you have in place and what exactly they are protecting?
  • Updates and patches must be applied as soon as they are released; otherwise, hackers can examine a new patch and discover how to exploit a related vulnerability.
  • Limit risks and implement access control measures. This will prevent hackers from accessing other parts of the system when one component is compromised.

The greatest risks to your manufacturing business may come down to simple permission errors or server misconfigurations that can be prevented by analysing the threats, understanding the potential impact and defining necessary security controls.

Gerhard Conradie, a certified MCSE (Microsoft Certified Systems Engineer, NT4/2000) and CNE (Certified Novell Engineer, Netware 5), is the MD of the Cape Town-based business IT solutions provider Evolv Networks.