Diagnosis cyberattack: When hospitals become the target of cyberattacks

When a clinic’s computers become the target of cyber-criminals, human lives are at stake. The healthcare sector is becoming increasingly digitalized: patient data is no longer stored in paper files but on computers, data from pacemakers and insulin pumps is transferred to smartphones via Wi-Fi, and many medical devices are connected to the internet. This growing connectivity opens more and more entry points for cyber-attacks, which can have fatal consequences. For example, if patient data is no longer accessible to nurses and doctors because of an IT failure, medication could be given incorrectly. Which dose of which medication does the patient receive at which time? An overdose can be life-threatening, especially with heart or diabetes medication. The danger in the OR is just as serious: even a minimal manipulation of a medical device during an operation on a patient’s heart or brain can lead not only to irreversible damage but also to death.

Network-enabled machines in medicine – a danger?

In the medical sector, digitalisation and networking play an increasingly important role, whether in the OR, in the laboratory or in nursing care. For example, the DaVinci medical robot is already being used in many US clinics and German hospitals for minimally invasive surgery. The surgeon controls the instruments from a control panel, and DaVinci’s robotic arms execute the hand movements.

Robots help humans in the laboratory to handle potentially dangerous substances, and nanorobots move through blood vessels to deliver pharmaceutical substances to the required point in the body. The future of medical technology is promising, but it also faces a constant danger: every IT system with inadequate security can be attacked and is therefore a potential target for cyber criminals.

As early as 2015, security researchers found almost 70,000 medical devices with security vulnerabilities, including equipment for nuclear medicine, infusion devices, anaesthesia machines and imaging systems. Cyber-criminals find these vulnerabilities too. In July this year, the German Red Cross in Saarland and Rheinland-Pfalz became the victim of a ransomware attack. The blackmail software encrypted databases and servers, thus shutting down the entire network of the GRC hospital. For security reasons, the servers were disconnected from the internet. However, the care of the patients was guaranteed at all times; patient admissions and medical reports were done with pen and paper. After a few days the servers of the GRC were put back into operation. Luckily, the data could be restored from a backup.

In the following year, the Neuss Clinic was targeted by hackers. An employee opened an infected attachment of a malicious email, which downloaded a blackmail trojan onto the internal IT system; the trojan then spread across all of the hospital’s computers. Within a very short time, the employees of the highly digitized hospital in Neuss had to switch back to analogue documentation methods.

Major security vulnerabilities in healthcare facilities

Security measures in hospitals and other health care facilities are less mature than in large companies. Everyday hospital life is busy, computers are often left unlocked when staff leave the workplace, and there is hardly time for software updates. Outdated devices and systems are connected to each other through the internet, so security gaps arise in many places. The attack in Neuss shows that the main gateway for cyber-attacks is email. A lack of awareness among employees allows attacks with malicious email attachments to encrypt, copy or steal data. Hackers then demand a ransom for decryption, usually in the form of cryptocurrencies such as Bitcoin. In the Neuss hospital case, the data could be restored thanks to a backup and no ransom was paid, but the systems still had to be shut down. Despite the backup, the cyber-attack cost the hospital around 1 million euros.

How can hospitals protect themselves?

Cyber-attacks are no longer just a problem for large corporations; according to the World Economic Forum’s Global Risk Report 2019, they are among the world’s biggest threats. In view of the global dangers of cyber-attacks, especially attacks on hospitals and other critical infrastructures, there is a great need for action to secure IT systems.

The problem: cyber-criminals are using ever more perfidious approaches to smuggle in malware and other harmful programs. A simple anti-virus program is no longer enough to protect a company’s entire infrastructure. In-depth filter systems with sophisticated detection mechanisms, which can detect malicious emails at an early stage, form the basis for full protection.

To reduce the success rate of social engineering attacks such as CEO fraud or phishing, hospital staff need to learn more about the characteristics of malicious email through IT security training; that reduces the risk of an employee spreading malware and causing subsequent damage.

But the financial means to secure IT systems are limited. The current legal situation also makes it difficult for hospitals to secure medical devices, because once they have been certified they can no longer be changed, not even with software updates. Ultimately, digitalization offers more attack vectors for cyber criminals if security gaps are not considered. Although there has not been a targeted cyberattack on a hospital that has harmed a patient, appropriate and effective precautions must be taken to avoid this. The security of the IT infrastructure in hospitals must be given higher priority, because ultimately any cyberattack on a healthcare facility can have not only financial but also health consequences.

Cybercrime – a global risk?

Droughts, tidal waves, water crises and the mass extinction of species are threats that endanger our way of life. But it is no longer just environmental disasters that have a terrifying impact on our existence. Cybercrime is a growing danger to national and global safety.

Cyber attacks are no longer an invisible threat: by 2021, experts estimate that companies worldwide will have to expect damage of up to 6 billion US dollars. The reputational and monetary losses that companies have already suffered as a result of hacker attacks are tremendous. But what physical impact can cyberattacks have on public safety? What visible and noticeable damage can hackers cause with an attack?

According to the Global Risk Report 2019, for the third year in a row, cyber attacks are among the most severe global threats, along with weather extremes, the failure of climate protection and natural disasters. In addition, widespread cyberattacks and the collapse of critical infrastructures due to a cyber attack are considered to be the second most frequent danger in terms of probability and potential impact.

The stability of societies worldwide is no longer influenced only by natural disasters or terrorism; the effects of cyber attacks must also be taken into account in global security precautions. The focus of cybercriminals is no longer limited to large companies or private individuals as a source of financial gain. Industries and critical infrastructures such as hospitals and other public utilities are increasingly targeted by cyber attacks. In 2010, the computer worm Stuxnet caused irreparable damage to several uranium centrifuges in the IT systems of Iranian nuclear facilities. The attack is regarded as the first cyber-physical attack that caused major physical damage to a military target.

When the electricity doesn’t flow: Attacks on public utilities

A study by the Ponemon Institute revealed that 90 percent of utilities in the United States, England, Germany, Australia, Mexico and Japan, and many more, were victims of at least one successful cyber attack. More than 700 security experts working in critical infrastructures were surveyed. The participants reported that about half of the attacks led to downtime in utility service.

The blogpost “Critical infrastructures – probably the most vulnerable point of a country” already gave an insight into the devastating consequences of a cyber attack on public utilities. An attack that causes a blackout would lead, among other things, to the collapse of the traffic system and the failure of cooling systems. Especially in hospitals, the refrigeration of special vaccines or medicines is essential for their efficacy.

An attack on the Ukrainian power grid showed that hackers are quite capable of shutting down critical infrastructures: Shortly before Christmas 2015, cyber criminals took over the country’s infrastructure. An employee opened an email containing a malicious program that installed the malware “Black Energy” which eventually led to the failure of the supply systems. The result: 700,000 people had no electricity for about 24 hours.

Increasing number of attacks on the healthcare sector

In recent years, healthcare facilities have increasingly become the focus of cybercriminal activities. In 2016, hackers introduced a malicious program into the network of the Lukas Hospital in Neuss. The hospital had to switch back to the use of paper and pen. Radiotherapy for cancer patients had to be stopped and the emergency room had to be shut down.

In 2018, the Fürstenfeldbruck Clinic had to manage daily work without their computers for more than a week – due to a cyber attack. Only patients who were seriously injured or ill were taken to the hospital. In summer of 2019, several facilities of the German Red Cross were attacked.

These incidents show how vulnerable the IT systems of hospitals are. And what happens if cybercriminals exploit the vulnerabilities to infect medical devices with malware, for example?

The worst-case scenarios: If patient data is encrypted, nurses and doctors no longer have access to old files in which, for example, possible allergies to antibiotics and other drugs are noted. An allergic reaction or overdose can be fatal for a patient. But it is not only data that can be encrypted, stolen or manipulated by hackers. Today, various medical devices are connected to the Internet, including diagnostic imaging devices such as MRI and CT or infusion pumps and cardiac pacemakers. Manipulation of the devices during an operation on vital organs can cost lives.

Minor vulnerability, major impact

Our digital world connects our analogue lives with our online activities. Attacks on the IT infrastructure of, for example, government or healthcare facilities can have a major impact on physical life, as the numerous examples mentioned show. A growing number of cyber attacks, including on critical infrastructures, which are increasingly targeted alongside companies, is definitely to be expected. At present, however, it is unlikely that one of the worst-case scenarios described will actually occur. Nevertheless, it is essential to raise awareness of IT security and the risks of cyber attacks, because even a small security gap can have serious consequences; cyber attacks are now considered one of the greatest global threats, alongside the dangers of natural disasters.

It Can Wait Till Next Year…

How many times have you said that or heard that in the office environment? Probably more often than you care to admit. When that statement is made, it usually applies to the costs associated with initiatives that sit on the budget bubble. These items or initiatives teeter on being shelved, usually as a result of a lack of enthusiasm or support.

Regrettably, IT security has become an initiative that businesses discuss year-round but fail to act upon, instead waiting till next year to address the topic. The sense of urgency to act, to be proactive, fails to be triggered, and most often it takes a devastating event such as a cyber-attack to force businesses to act.

Why the complacency?

Cyber-security is often seen as one of those big problems that only large corporations (i.e. banks, tech companies, governments) must worry about, on the assumption that only these larger entities have the resources, time and budget to address such initiatives come budget time. In fact, more people should be concerned with cyber-security at their workplaces, not just the big corporations. It’s the smaller businesses, companies with fewer than 1000 employees (SMBs), that are at the greatest risk. And they are the greatest number of businesses in the US, which only increases the likelihood of being a target for a cyber-attack.

So, even though companies realize the inherent risk of being a target ripe for exploiting, a great number of them shun enhancing their IT security in favor of other projects and initiatives. There is also a larger pool of SMB targets for cyber-criminals than at any time in history. As a result, cyber-threats continue, becoming more sophisticated and developing new attack vectors into a business’s infrastructure and IT systems/applications.

“Wait till next year” wins again – and then there’s a cyber-attack

A phishing email is sent, malicious code is deployed, and your business’s IT systems are brought to a full stop. Your IT perimeter has been breached, your data and applications hijacked. Everything is being held for ransom. What happened?

An employee tells the “IT person” they’re unable to unlock their laptop. They remember reading an email and clicking on a link that supposedly led to an invoice marked “PAY TODAY”. Then, all went blank on the screen.

The IT staff are responding but unable to react quickly enough. Your IT systems are completely shut down, inaccessible, held for ransom. Productivity has slowed to a snail’s pace, and the increased effort leads to increased costs. The public now finds out about the successful attack or breach, and your company’s reputation takes a hit.

Then, your customers and vendors are affected by the breach. Cyber-attackers have found their way into your financial information and then into your customers’ and vendors’ financial and transactional data. And that’s how it starts.

Cyber-criminals knock on as many doors as possible; they assume you’re one of those small- to medium-sized businesses who’s “waiting till next year” to address their email, web and data security.

Cyber-criminals thrive because of the lack of ongoing IT security initiatives this year, not next year. Cyber-criminals look for any open door, any weak spot. They simply won’t stop. They’re developing new threats, sophisticated threats that learn from their mistakes using AI and machine learning.

These new, cultured threats only exacerbate the problem and relish in our laziness. 

Here are just a few statistics published on hackmageddon.com that demonstrate the stark reality of today’s malware cyber threats:

  • 155 events in April 2019, a 10% increase compared with March, when this number was 141
  • Top Three Attack Motivations – In April, Cyber Crime ranked #1 with a slight increase (81.9%) compared to 79.4% recorded in March 2019. Cyber Espionage was 14.2% and Cyberwarfare dropped to 2.6% (from 4% in March 2019)
  • Top Three Attack Methods in April 2019 – Ransomware, Account Hijacking and Targeted Attacks

There is also the Top 10 Malware Activity list to consider, published by cisecurity.org. It portrays the collection of dangerous malware variants that led to more than half of all malware notifications sent in January 2019:

The MS-ISAC Top 10 Malware

    1. Emotet
    2. WannaCry
    3. Kovter
    4. ZueS
    5. Dridex
    6. IcedID
    7. Gh0st
    8. Mirai
    9. NanoCore
    10. Pushdo

So, we understand there’s a constant threat. Malware and ransomware are working harder than ever to get inside your IT security perimeter. We also realize the threat is getting smarter, banking on our gullibility to make a mistake. That mistake may well come in the form of a dismissive delay, a “wait till next year” mentality. But be forewarned: put off being (pro)active about your IT security for yet another year and the results could be disastrous.

Why assume that risk for yet another year?

One misstep, like the urgency over an invoice attached to an innocuous email, could open the door for a cyber-criminal. Now repeat that a million, gazillion times, because that’s how often business gets done over email. As of 2018, about 124.5 billion business emails are sent each day, and the average office worker receives 121 emails per day. Add in the growing number of SMBs in the US market alone. That’s one appetizing bowl of fresh meat for any cyber-criminal.

So, what can SMBs do to reduce the risk of cyber-crime?

Start a conversation about your needs and then act. First and foremost, uncover where you are vulnerable in relation to your IT security. Listen to experts in your field who are well-trained and certified/accredited to provide the right IT security solutions.

These things take time, but I can assure you that talking about your IT security and beginning to act is far better than delaying it till next year. Those few initial steps are crucial; they mean you are acting, not simply reacting to a potential cyber-related event at your SMB. It shows you’re being proactive about your business’s defenses, data and e-communications.

Critical infrastructures – probably the most vulnerable point of a country

What happens when there’s no more electricity? Food and essential medicines can no longer be cooled, life-supporting appliances in hospitals fail, the lights go out and the streets sink into chaos. A scenario that seems unimaginable, but the danger exists. Cyber-criminals are increasingly targeting vulnerable facilities that form the basis for the common good: critical infrastructures.

Arne Schönbohm, president of the German Federal Office for Information Security, also sees operators of national water and power plants and, for example, the pharmaceutical industry coming increasingly into the focus of professionalized cyber-attacks. Why? Manipulation of operating procedures in these economic sectors could put the population at risk. Protective measures for internal IT should therefore have a high priority.

In the following, we will take a look at the critical infrastructures and give an outlook on the enormous consequences of a cyber-attack on these sensitive organizations.

A critical matter

Critical infrastructures include organizations or institutions that play an important role for the state and community. They provide services or products that consumers and businesses depend on. These include facilities in the energy sector, IT and telecommunications, health, water, nutrition, transport, finance and insurance, government and administration, as well as media and culture.

Critical infrastructures are considered particularly sensitive with regard to their IT infrastructure, which is why the government wants to protect them specifically with the IT security law that came into force in July 2015. Operators must report faults in their IT systems and allow them to be checked regularly. The sensitivity of these systems results from the fact that most of them were developed long ago. IT security aspects were not considered from the outset; instead, physical security measures such as the construction of highly complex fencing systems and the provision of security personnel were pursued first.

Another reason for this was the separation of IT systems from internet access. However, digitization has not passed critical infrastructures by. It has led to considerable changes in recent years: in modern industrial companies, for example, many machines, devices and employees are now connected to the internet. Networking brings many advantages, but it also brings significant disadvantages: critical infrastructures are thus even more vulnerable to cyber attacks.

Danger of a total blackout

An unprecedented attack on Ukraine’s electricity grid in 2015 shows the extent a cyber attack on critical infrastructures can reach. Hackers paralyzed the entire electricity supply. Households remained in the dark for hours, and hospitals had to fall back on emergency power generators. The hacker attack was allegedly carried out by state actors who sabotaged the country’s power supply with the help of the malware ‘Industroyer’. In 2017, a Saudi Arabian power plant fell victim to hackers. The aim of the attack was probably to destroy the plant.

The attack was discovered purely by chance, which is how worse consequences were prevented. According to media reports, the attack took place via a safety system that is used worldwide in oil and gas power plants as well as in nuclear power plants, including in Germany. The Triton code used in the attack was published on the internet shortly afterwards, which created the basis for further attacks by experienced hackers. By their own account, security researchers were able to identify another attack using the Triton code in April 2019. However, it remains unclear when that attack took place and which system was targeted. During their investigations, the researchers concluded that the attackers wanted to cause physical damage, which suggests that further operators of critical infrastructures were being targeted. For this reason, the researchers have made details of the detected malware public in order to help IT managers detect and prevent it.

Past events are worrying. But a good sign is the increasing awareness of IT security within critical infrastructures. Disaster control authorities, for example, have praised the growing IT security.

The worst case: cyber attack on operators of critical infrastructure

However, this does not mean that the topic is off the table for good; rather, it is intended to sensitize people to the further establishment of security measures. What if the worst happened? Let us start from the worst-case scenario: a cyber attack turns the power off in Germany. According to Schönbohm, the network and energy supply is an attractive target for paralysing an entire country. In the event of a longer and larger power outage, extensive supply bottlenecks would arise. This also raises concerns in the field of disaster control. Let us take a closer look at a possible attack scenario.

The cyber kill chain

An attack extends over a total of seven steps, which together form the so-called cyber kill chain. The concept of the attack chain has its origin in the military and was transferred to the IT sector.

A ransomware attack proceeds in the following steps:

  1. Reconnaissance
  2. Weaponization
  3. Delivery
  4. Exploitation
  5. Installation
  6. Command & Control
  7. Actions on objective

Reconnaissance: Identification of the target

There are basically two types of attacks: targeted and mass attacks. The kill chain is mainly about targeted attacks. First, the target is chosen. As much information as possible is collected to find out how the company is set up and whether there are gaps that could be used for intrusion. The focus is usually on employees who share a lot of information about themselves: contact details, job titles, holiday plans and more. Once a suitable vulnerability has been found, the next step is taken.

Weaponization: Preparing the attack

The attacker selects a suitable tool depending on the desired goal and the planned procedure; if possible, it should be perfidious. Often an encryption trojan is the preferred choice, one that keeps itself hidden at first and collects further information. Many of these codes are freely available on the darknet.

Delivery: first steps to execute the attack

In this phase the criminal has to choose a distribution channel: a CD-ROM, a USB stick or the classic email. Particularly popular are phishing emails that either link to a malicious website or contain an infected document that the recipient is supposed to open. The advantage of the phishing method takes us directly to the next step.

Exploitation: Detection of security vulnerabilities

The lack of awareness among employees is a popular entry vector. Keyword “social engineering”: phishing, CEO fraud or whaling are used to exploit the uncertainty and ignorance of employees to get into the system. But open attack surfaces can also lie in technology, such as unpatched security holes in programs used throughout the company.

Installation: Implementation of a backdoor

Logically, no pop-up will appear once the malware has been installed. The installation runs hidden and without the knowledge of the user. The malware nests and waits for its big moment.

Command & Control: Remote control of the target system

To keep control of the malware, the remote desktop protocol can be used for remote access. Remote control is essential to achieving the actual goal. It is now even possible to use artificial intelligence so that the malware can perform self-learning actions, such as downloading additional malware or spying on personal data.

Actions on objective: Achievement of objectives

The great moment has come: after the complete infiltration of the system, the attacker can carry out the intended action. In our case the power supply is switched off. It can take several years until the malware is executed or detected.

The kill chain makes clear that preventing and defending against sophisticated cyber-attacks is only possible with special tools and strong, regular sensitization of employees. These include services that can detect perfidious and complicated malware such as advanced persistent threats with special analysis engines, freezing and sandboxing.

The fact is that cyber-attacks will continue to increase, and protection measures must be taken at an early stage.

In summary, cyber-attacks on critical infrastructures can pose a threat to national security. An attack on the energy network or the water supply can have consequences that could not only result in financial losses, but could also completely change life as we know it.

Business email compromise: threat grows dramatically

Encrypted malicious attachments, phishing and fake application emails are known attack methods used by cyber criminals to deliver malware such as ransomware into corporate systems. Once in the system, malware can cause losses of millions of dollars through encrypted corporate documents, theft of relevant files and information, or a slowdown of business processes through illegal crypto mining. Sophisticated filter systems for the detection of hidden malware make the way into a company’s system increasingly challenging for cyber criminals.

Therefore, the focus of cyber criminals is shifting more and more to the human vulnerability: they address employees of selected companies with simple but very individual, purely text-based email messages. This procedure is known as business email compromise (BEC). The Hornetsecurity Security Lab has been recording a significant increase in this type of attack for around a year and a half now.

What is business email compromise?

Large sums of money are fraudulently transferred to an external account, and important internal company data, access data and other confidential information leave the company unnoticed, all without any malware being introduced. With a BEC, a hacker relies on special insider knowledge as opposed to simple spam. Known names and email addresses of employees or customers, as well as current signatures and disclaimers, make a fake email appear authentic.

Using fake email addresses similar to that of the CEO, a customer or a clerk, the cybercriminals send a short, purely text-based email specifically to a selected employee. The display name is shown exactly as it would appear in an email from the actual person. This makes it difficult to detect the fraud behind it.

What do cybercriminals do?

In the first email, the cyber criminal sounds out the target. The alleged CEO or supervisor addresses an urgent concern to a target person in the company. The criminal asks for a quick written answer by email, because the boss is allegedly in a meeting or cannot be reached by telephone. The hacker puts the recipient under time pressure and psychological pressure to conceal the fraud.

If the criminal receives an answer, he becomes more precise in a second message: the alleged superior requests the transfer of a certain amount of money to the account of an alleged customer, business partner or service provider. But it is not only financial resources that are captured in this way. The hackers can also obtain internal company data and other information to misuse for other purposes. CEO fraud is the best-known form of this cyber criminal procedure to date, but business email compromise can occur in different ways:

  • The hacker masquerades as a company’s customer and announces a change in payment information to trigger future transactions to the attacker’s account.
  • Covered with an employee’s alleged email address, the cyber criminal sends invoices to the company’s customers.
  • Using a lawyer’s compromised email account, pressure is put on a targeted recipient within a company to make a payment or return information.

Current risk situation

According to the FBI’s latest internet crime report, business email compromise, along with ransomware, banking trojans and phishing, is responsible for much of the world’s financial losses caused by cyber crime. In 2018, fraud caused by fake emails led to global losses of around 1.2 billion dollars. And the threat posed by BEC is expected to persist and even increase.

“Once a company is affected, it is very likely that this type of attack will be repeated. Any additional internal information unknowingly sent by an employee via email makes more fake emails look even more authentic”, said an expert from the Hornetsecurity Security Lab. “Every month, we see an increasing number of incoming emails in which cyber criminals try to impersonate real employees or customers. And each time, the method becomes more sophisticated: in some cases, the logo, disclaimer and signature of the targeted company are reproduced one-to-one. The recipient of such a fraudulent email needs to know exactly what to look out for.”

Which companies are largely affected?

Cyber criminals often target large and internationally operating companies via business email compromise. Information about people in certain administrative positions is easy to find, and logos or current market activities are usually accessible on the internet. In addition, international financial transactions are not uncommon, and in large companies there is a high probability that employees have never met in person, so the simple exchange of emails is a normal part of everyday working life.

In 2015, the German cable specialist Leoni AG became a victim of such a fraud. Cybercriminals defrauded the company of around 40 million euros. The globally known social network Facebook and the Google Group were also robbed of a total of 100 million US dollars over a period of more than two years. This became known in 2017, when the fraud was discovered and made public by the US American magazine Fortune. According to the FBI’s report, the current focus is on real estate companies.

How can companies protect themselves against it?

The Hornetsecurity Security Lab assumes that business email compromise will remain one of the biggest cyber threats in the future: “Classic anti-phishing or spam services fail to recognize BEC emails due to their generic content. We offer our customers highly customizable and complex anti-fraud protection to ensure the highest level of security. Consequently, we receive only positive feedback from companies using our targeted fraud forensics engines.” Precisely targeted engines verify the authenticity and integrity of metadata and email content. They identify specific content patterns that suggest fraudulent email. This prevents fake emails from reaching your inbox. Training that additionally draws employees’ attention to the characteristic elements of a business email compromise can also put a stop to the growing danger.
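The BEC characteristics described above (a display name that matches a real executive while the address does not, a lookalike sender domain, a text-only message with an "in a meeting, reply by email, pay today" pretext) can be checked against message metadata and content. The following is an added illustration, not Hornetsecurity's fraud forensics engine: it runs a few such checks over two constructed emails, using an assumed company domain, an assumed executive directory and an assumed phrase list.

```python
from email import message_from_string
from email.utils import parseaddr
from typing import Dict, List

# Constructed configuration (assumptions for this example, not from the post):
# the organisation's own domain, the executives whose display names are most
# often impersonated, and phrases typical of the "boss is unreachable" pretext.
COMPANY_DOMAIN = "example-corp.com"
EXECUTIVES = {
    "jane doe": "jane.doe@example-corp.com",     # CEO
    "john smith": "john.smith@example-corp.com",  # CFO
}
PRETEXT_PHRASES = (
    "urgent", "in a meeting", "cannot be reached", "reply by email only",
    "wire transfer", "pay today",
)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot lookalike domains (example-c0rp vs example-corp)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def analyse_message(raw: str) -> Dict[str, object]:
    """Score one RFC 822 message for BEC indicators; score >= 3 is flagged."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    domain = addr.rsplit("@", 1)[-1] if "@" in addr else ""
    reasons: List[str] = []
    score = 0

    # 1. Display-name impersonation: known executive name, wrong address.
    expected = EXECUTIVES.get(display.strip().lower())
    if expected and addr != expected:
        reasons.append(f"display name '{display}' but sender {addr} != {expected}")
        score += 3

    # 2. Lookalike sender domain (within two edits of our own domain).
    if domain and domain != COMPANY_DOMAIN and edit_distance(domain, COMPANY_DOMAIN) <= 2:
        reasons.append(f"lookalike domain {domain}")
        score += 2

    # 3. Reply-To diverted to an address other than the sender.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and reply_to.lower() != addr:
        reasons.append(f"reply-to {reply_to} differs from sender")
        score += 1

    # 4. Urgency / payment pretext in subject or plain-text body.
    body = msg.get_payload(decode=True) or b""
    text = (msg.get("Subject", "") + "\n" + body.decode("utf-8", "replace")).lower()
    hits = [p for p in PRETEXT_PHRASES if p in text]
    if hits:
        reasons.append("pretext phrases: " + ", ".join(hits))
        score += 1

    return {"suspicious": score >= 3, "score": score, "reasons": reasons}


# Constructed sample messages (not real traffic).
BEC_SAMPLE = """From: Jane Doe <jane.doe@example-c0rp.com>
To: accounting@example-corp.com
Subject: Urgent
Content-Type: text/plain

Hi, I'm in a meeting and cannot be reached by phone. Please reply by email only.
I need a wire transfer to a new supplier done today.
"""

LEGIT_SAMPLE = """From: Jane Doe <jane.doe@example-corp.com>
To: accounting@example-corp.com
Subject: Q3 report
Content-Type: text/plain

Attached is the draft for Thursday's review. No action needed before then.
"""

if __name__ == "__main__":
    for name, sample in (("BEC", BEC_SAMPLE), ("legit", LEGIT_SAMPLE)):
        result = analyse_message(sample)
        print(name, result["suspicious"], result["score"], result["reasons"])
```

In practice the executive directory would come from the mail system's address book, and a message that scores high should be quarantined for review rather than silently dropped, so that the targeted employee can be warned.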

Industry 4.0 – how secure is the production of the future?

The digital transformation is increasingly reaching the industrial sector: machines and systems are networked. Because production processes are handled automatically and digitally, information is transparent and available at any time, anywhere. The fourth industrial revolution has begun.

But what advantages does industry 4.0 really offer companies? And what can happen if cyber-criminals use total networking for their benefit?

The dawn of a new age

Let’s start with industry in its most original form: industry 1.0. For the first time, goods were produced with machines. In industry 2.0, electrical energy made mass production possible. Manufacturing processes automated by computer-aided electronics characterize industry 3.0.

Today, we speak of industry 4.0: The complete networking of production plants and systems via information and communication technology. Production machines communicate with each other and organize themselves. This makes the production more flexible, dynamic and efficient. The interconnectivity makes it possible to track the entire production life cycle.

Converting to a smart factory confronts many companies with challenges in terms of infrastructure and security. Networked sensors, machines and systems create new targets for cyber criminals. Infections with malware, extortion, break-ins via remote maintenance access and human misconduct are major threats to smart factories.

Industry 4.0 was the number one trend theme at Hannover Messe 2019.

Advantages of the industrial revolution

Let’s first take a look at the advantages of smart factories: One of the most notable advantages is process optimization. Networking makes information available in real time, so the use of resources can be checked more quickly and thus adapted more efficiently.

Each production step can be monitored, coordinated, and planned from any location. The exchange of information between the machines not only functions at the production site, but also worldwide. In this way, everyone involved in the production process can obtain information on the product from any location.

The transparency of the manufacturing processes enables companies to produce with more flexibility, because those involved have an overview of the production and processes can be adapted quickly and efficiently in the event of changes. In addition, the systems share information with the company’s employees, because people continue to play an important role despite increasing digitalization.

Industry 4.0 creates enormous competitive advantages and growth opportunities for companies. According to the BDI (The Voice of German Industry), experts forecast productivity increases of up to 30 percent in 2025.

Intelligent sensors – the sensory organs of machines

Intelligent sensors are a prerequisite for a smart factory. They monitor and control processes and ensure reliability in production. In addition to recording measured variables, they must also process signals.

But what makes a sensor intelligent? Sensors in an industry 4.0 factory are connected to the automation hardware via IO-Link technology. This makes them active participants in the factory’s automation network. The smart sensor is equipped with special software that enables it not only to acquire data, but also to evaluate it. It only passes on the relevant data and thus functions as a sensory organ of the machines. For example, it can detect anomalies in the process caused by vibrations before any damage occurs to the production plant. The collected sensor data can be made available in a data pool such as the cloud.

Despite all the process optimizations this makes possible, the connection of the sensors to the network is a weak point: a vulnerability that cyber-criminals can exploit for attacks.

The smart factory needs external IT infrastructures

In order for companies of any size to be able to use the full scope of industry 4.0, high computing power is required. This is where cloud computing comes into play. With cloud computing, the IT infrastructure does not have to run on local computers but in an outsourced, usually redundant network.

Especially in the context of industry 4.0, technologies such as the cloud are becoming indispensable for companies. Total networking and the use of smart sensors generate large amounts of data. The cloud enables companies to access the data collected from the production process at any time and from any location. In industry 4.0, it serves as a platform for storing data in real time and offers companies worldwide secure networking of systems and facilities.

The data cloud has established itself in the IT environment. According to Bitkom, three-quarters of companies already use outsourced IT infrastructures because the cloud makes it easy to introduce new IT systems. Especially when entering industry 4.0, companies need flexible solutions for storing and processing their data.

The target of cyber-criminals: Attacks from inside and outside

Security concerns hold companies back from entering industry 4.0, because the threats posed by cyber-attacks are no longer invisible. The World Economic Forum asked participants about the probability and impact of global threats; cyber-attacks find their place in both top 10 lists, alongside natural disasters, water crises and epidemics.

The networking of people and machines in the entire production process is increasing the attack surface for cyber-criminals. Technical, organizational, and human deficits in companies can open various doors for cyber-attacks.

External attacks usually take place via the internet. When outdated IT systems were first connected to the internet, large security gaps arose that did not go unnoticed by cyber-criminals. Remote maintenance access can also create loopholes through which harmful data can enter. The consequences are devastating: hackers can manipulate production, steal data, and blackmail companies. There is also a risk that cyber-criminals could gain control of machines or paralyze the company’s internal energy network.

Internal security cannot be ignored either. Hackers take advantage of human vulnerabilities through social engineering and trick employees into inadvertently introducing malware or ransomware into the corporate system via email. From there it is transferred to IT systems and spreads over the entire production process.

Cyber-criminals are becoming more creative, and the scale of their attacks, especially in networked systems, is getting increasingly devastating. In March, a cyber-attack was launched on the Norwegian aluminium group Norsk Hydro. Hackers introduced ransomware into the company’s IT systems. Because of the internal networking, IT systems of almost all business areas were affected and the global network was paralyzed. According to Spiegel Online, the company fell victim to the ransomware LockerGoga, which encrypted numerous files of the company.

The cyber-criminals behind the encryption demanded a ransom in the form of crypto-currency. In order to protect itself against the spread of the malware, the company switched production to manual operation, which led to restrictions in output.

As a result of the hacker attack, Norsk Hydro suffered losses of over 30 million euros. However, the international aluminum producer is only one of many industrial companies: According to the IT association Bitkom, eight out of ten industrial companies in Germany fall victim to cyberattacks.

Security: the key to a successful entry into industry 4.0

In every tenth German company, half of all machines are already networked via the internet. But the vision of the fourth industrial revolution was built on old security protocols. To comprehensively protect smart, networked factories from cyberattacks, companies need a multi-level security concept that protects not only industrial networks, but also the cloud and the data volumes stored in it. The industry sector is an attractive target for cybercriminals because of its high economic power and its importance in the supply chain. Hackers use a large pool of attack vectors to penetrate the corporate system.

Email is also the main gateway in this area: it is the primary means of communication in companies worldwide. A professionally designed fraud email is not easy to detect, and so access data or other sensitive information unintentionally leaves the company and ends up directly with the cybercriminals, who exploit it for further action. By paying more attention to the increasing global cybercrime activities, high financial losses and physical damage can be limited or prevented. All the reports of attacks on industrial enterprises show that digital progress brings not only advantages: it is essential to think about the resulting security gaps.