Trend Micro highlights the IIoT's growing security threats

Trend Micro has released a new report which highlights the growing security threats directed at the IIoT (Industrial Internet of Things) sector.

Just yesterday, IoT News covered a report from F-Secure which claims IoT devices are ‘easy prey’ and the firm witnessed double the number of attacks on its honeypot networks last year.

Manufacturing facilities have been connecting devices to realise the so-called ‘Industry 4.0’ vision. Benefits to efficiency are clear, but security is often an afterthought in the race to gain an edge over competitors.

In their report, Trend Micro wrote:

“Industry 4.0 comes with its challenges. Integrating the organization’s IT infrastructure with the OT and IP sides of the business means that the attack surface increases significantly.

Threat actors will find more weak points to break the security of the production. Attacks designed to target industrial control systems (ICSs), in particular, pose threats to production facilities.”

Among the greatest threats to manufacturing is the continued use of older operating systems due to longer equipment lifecycles and a “do not touch a working system” mentality. Trend Micro highlights the use of Windows XP, of which support ended in 2014, is higher in the manufacturing industry than any other although Windows 7 is the most used.

Trojans (39.9%) make up the largest number of malware types in the manufacturing industry. This is followed by PUAs (Potentially Unwanted Applications) at 14.7 percent, and more generic ‘worm’ at 9.9 percent. Just out of the top three is ‘hacking tool’ at 7.5 percent, and increasing burden of the IoT industry ‘cryptocurrency miner’ at four percent.

As for malware families, the infamous ‘WannaCry’ just makes the top three at 3.3 percent. The top spot goes to generic threats (20.9%) which are not associated with any specific malware family. The second spot, and the first of the known malware families, goes to the ‘FRS’ malware.

Both WannaCry and FRS are ransomware, with the former gaining notoriety for a rapid spread last year which infected the UK's national healthcare systems and forced critical operations to be delayed.

Trend Micro highlights the high prevalence of the ‘Downad’ malware in manufacturing systems in comparison to other industries. The malware spreads primarily through infected removable devices. USB devices are often used in the manufacturing industry to quickly transfer data from one computer or network to another.

Many countries have developed national efforts which revitalise their industrial strategies and take advantage of the IoT’s potential for manufacturing.

Here are some of the developed economies and their Industry 4.0 strategy:

  • China (‘Made in China 2025’)

  • Germany (‘Industrie 4.0’)

  • India (‘Digital India’)

  • Japan (‘Society 5.0’)

  • Russia (‘4.0 RU’)

  • United States (‘Industrial Internet Consortium’)

Most of the attacks focus on either direct monetary gain through means like ransomware or cryptocurrency mining, or espionage. In the case of the latter, the victim may not even be aware of their leaked property but suffer long-term. According to the UN, counterfeit goods amount to $250 billion worth of trades every year.

Steve Quane, Executive VP of Network Defense and Hybrid Cloud Security for Trend Micro, said:

“Industry 4.0 offers unparalleled opportunities to increase productivity, enhance process efficiencies, and realize on-demand manufacturing, but it also dramatically alters the threat risk model for these facilities.

As this research outlines, the convergence of IT and OT could unwittingly have a serious impact on production lines and could lead to the loss of IP and competitive advantage.“

The concerns around IoT security are unlikely to ease any time soon. The sheer number of devices, often with poor security, flooding businesses and homes continue to make them a prime target for hackers.

Interested in hearing industry leaders discuss subjects like this? Attend the co-located IoT Tech Expo, Blockchain Expo, AI & Big Data Expo, and Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London, and Amsterdam.

Related Stories

Leave a comment

Alternatively

This will only be used to quickly provide signup information and will not allow us to post to your account or appear on your timeline.