IoT security: How these unusual attacks could undermine industrial systems

The fact that IoT devices and, more generally, Operational Technology (OT) is vulnerable isn’t really news and my company has been selling technology to identify and mitigate attacks for a few years. This article got me thinking about a related topic: segmentation. I come across networks all the time that are ‘flat’ i.e. every device can ‘see’ every other. That means the 5 year old video conference system can ‘see’ the 3 year old IP telephone and, sometimes, the 2 year old never-patched Android phone that an employee has connected via your wifi. not good…:

[…] Researchers at cybersecurity company Trend Micro and experts at the the Polytechnic University of Milan examined how hackers can exploit security flaws in IIoT equipment to break into networks as a gateway for deploying malware, conducting espionage or even conducting sabotage.

While these networks are supposed to be isolated, often there can be links with the general office systems across an organisation, especially if there isn’t segmentation on the network.

Putting smart manufacturing systems on their own dedicated is common practice, as is treating the ‘like black boxes’ said the report, in the sense that it is assumed that nobody will ever be able to compromise them. However, increasingly vendors are pushing for wireless networks on the factory floor, with things such as industrial robots directly connected to them.

Performing tests against real industrial equipment in the safety of the University of Milan’s Industry 4.0 lab, researchers uncovered a number of ways attackers could exploit vulnerabilities to gain access to smart manufacturing environments.

[…]

Original article here