Last year, malware cost the German machine-building group Rheinmetall Automotive $4 million a week for some time. The incident is a prime example of how malware can disrupt production, but many owners of industrial enterprises still view cyber threats as something abstract and do not believe that something like this can happen to them.
Federico Maggi, chief researcher at the information security company Trend Micro, decided to refute this misconception and, together with his colleagues, presented a 60-page study describing various methods of attacking manufacturing enterprises. The purpose of the work was to show that an attack does not necessarily depend on any one vulnerability or system: a skilled hacker can use many different methods to infect enterprise networks with malware.
In particular, the researchers presented an attack on equipment used to drill holes in toy phones. They showed how a supply chain attack can affect the temperature control system and trigger emergency operation. The researchers used libraries to infect manufacturing equipment with malware.
Maggi began with a popular app store run by the Swiss tech giant ABB, where engineers download code for industrial robots. The researcher discovered a vulnerability in it (the problem has now been fixed) that allowed him to upload his own code. As soon as the code was installed on an engineering workstation, Maggi was able to collect the necessary data about it. Because there was no sandbox, the researcher could view and steal files using a simple plug-in.
Maggi also used the “digital twin,” a digitized copy of factory equipment or a production process that is used to test performance. The researcher discovered a vulnerability in the software for managing the “digital twin” and showed how an attacker could manipulate the code. Theoretically, an attacker could force equipment to manufacture products from incorrect engineering designs.
The researchers' report contains several security recommendations for mitigating attacks, including checking workstation software. However, defending against some of the supply chain attacks it describes will take quite a while.