Story image

65% of manufacturers run outdated operating systems – Trend Micro

15 Apr 2019

Cybersecurity solutions provider Trend Micro has announced new research that demonstrates the threats facing manufacturing networks still running outdated technology, including risks to intellectual property and production processes.

The report, Securing Smart Factories: Threats to Manufacturing Environments in the Era of Industry 4.0, outlines the security dimension of a new era for manufacturing driven by IoT and connectivity everywhere.

Manufacturers are heavily investing in the convergence of traditional operational technology (OT) with IT networks in 2019, adding new technology to environments that are still vulnerable to more than 10-year-old issues, like Conficker.

“Industry 4.0 offers unparalleled opportunities to increase productivity, enhance process efficiencies, and realise on-demand manufacturing, but it also dramatically alters the threat risk model for these facilities,” says Trend Micro network defense and hybrid cloud security executive vice president Steve Quane.

“As this research outlines, the convergence of IT and OT could unwittingly have a serious impact on production lines, and could lead to the loss of IP and competitive advantage.”  

The report highlights the unique triple threat facing manufacturing, including the risks associated with IT, OT and IP.

Previously isolated operations networks are being connected to the IT network to drive efficiencies, but this exposes insecure proprietary protocols and potentially decades-old OT equipment that is often not patched frequently enough because of its criticality.

There is a harsh disparity between the significant operations performed by these devices and the fact that they operate for years with known vulnerabilities.

According to Gartner, OT networks and assets, and their security implications were undiscovered and unmanaged for many years.

As a result, current OT networks are unsegmented with a mix of production protocols, unidentified assets, legacy systems and devices.

These industrial components have many unsecured communication channels to corporate/ IT networks, and they utilise different vendor architectures and security standards.

In addition to maintaining legacy infrastructure with known weaknesses, new vulnerabilities are being discovered more frequently than ever before in these systems.

Zero-day vulnerabilities purchased in human-machine interfaces (HMIs) of industrial control systems increased by more than 200 percent in 2018 compared to the previous year.

Manufacturers are thus exposed to both targeted and commodity malware, including cryptocurrency mining attacks that could harm key production processes by consuming processing power and causing network latency.

Ransomware is also a major threat to manufacturers if the attack affects production.

To help mitigate the impact of Industry 4.0 threats, Trend Micro recommends manufacturers remember the basics of cybersecurity, such as restricting user access and disabling directory listings, as well as identifying and prioritising key assets to protect.

Tech Data to distribute Nutanix backup solution in A/NZ
Tech Data will distribute HYCU Data Protection for Nutanix backup and recovery software to their network of partners across Australia and New Zealand.
Veeam releases v3 of its MS Office backup solution
One of Veeam’s most popular solutions, Backup for Office 365, has been upgraded again with greater speed, security and analytics.
Too many 'critical' vulnerabilities to patch? Tenable opts for a different approach
Tenable is hedging all of its security bets on the power of predictive, as the company announced general available of its Predictive Prioritisation solution within Tenable.io.
Safety solutions startup wins ‘radical generosity’ funding
Guardian Angel Security was one of five New Zealand businesses selected by 500 women (SheEO Activators) who contributed $1100 each.
Industrial control component vulnerabilities up 30%
Positive Technologies says exploitation of these vulnerabilities could disturb operations by disrupting command transfer between components.
McAfee announces Google Cloud Platform support
McAfee MVISION Cloud now integrates with GCP Cloud SCC to help security professionals gain visibility and control over their cloud resources.
Why AI and behaviour analytics should be essential to enterprises
Cyber threats continue to increase in number and severity, prompting cybersecurity experts to seek new ways to stop malicious actors.
Scammers targeting more countries in sextortion scam - ESET
The attacker in the email claims they have hacked the intended victim's device, and have recorded the person while watching pornographic content.