Trend Micro recently released the first in-depth, hands-on research that demonstrates the extent to which industrial robots can be compromised.
Report: Cyberattacks on Industrial Robots
Mark Nunnikhoven | Trend Micro
Trend Micro recently released the first in-depth, hands-on research that demonstrates the extent to which industrial robots can be compromised. Highlights from the research include:
- Attacks against robots seek to compromise accuracy, safety and integrity, which can be detrimental to their effectiveness
- More than 83,000 industrial robots were found exposed on the internet, and 5,000 had no authentication requirements
- There are approximately 65 known vulnerabilities affecting these systems
How is this research different from other previously published robot research?
This research is different in two ways: it focuses on industrial robots and routers, and it demonstrates an actual attack scenario. Similar research that has been previously released is either theoretical, or general toward all robots, including consumer devices.
What is a large scale implication of an attack on industrial robots?
There are several potential attack scenarios outlined in the report, each of which could result in significant financial loss for the target facility. The possibility of leveraging such an attack as a form of ransomware supports our 2017 prediction that ransomware will be diversified and utilized in different devices and schemas. More so than traditional ransomware, this scenario puts the attacker in complete control of the integrity of the facility’s output.
Has Trend Micro seen any active exploits against industrial robots?
We are not aware of any exploits to these devices and systems at this time. We have worked closely with ABB to explain and help them address the risks to prevent potential attacks.
What can manufacturers do to mitigate the risks posed by industrial robots and routers?
Attacks can be detected by identifying software and network anomalies. While patching is still recommended, system hardening is a reliable approach to protection as patches are difficult to maintain across complex software. Also, a secure software development life cycle is one of the best ways to mitigate this risk by eliminating vulnerabilities when the software is created.
Can the attacks be stopped at the door or is each individual robot compromised?
The attacks outlined in the paper can be run over the internet, from the same network or with a direct physical connection to the robot. For each of these avenues there are different methods of stopping these attacks.
Blocking access to the robots from the internet is a good first step. If this access is required, it should be tightly controlled and monitored. The same approach applies for the internal network, though here remote control and monitoring of the robot is more likely a business requirement.
Blocking attacks with physical access to the robot requires more collaboration with and work by the vendor. ABB’s response to this research effort shows that this work can be done and is an area of concern for the vendors.
Did your research cover other systems (IIoT) found in the manufacturing processes in modern factories?
This research effort looks at the industrial robots and routers. However we are also conducting research around smart cities and have the next phase of that research coming out shortly.
How do you see the evolution of cyberwarfare in the near future? Can AI assist in the development of defenses?
In what context are you exploring cyberwarfare? Specific to this paper, manufacturing is a target of interest when it comes to nation state conflict. Being able to impact a target’s manufacturing capabilities remotely without the risks of units in the field would be of benefit to the attacker. We’ve seen this technique used with the Stuxnet attack.
This post does not have any comments. Be the first to leave a comment below.
Post A Comment
You must be logged in before you can post a comment. Login now.