Industry 4.0 – how secure is the production of the future?


The digital transformation is increasingly reaching the industrial sector: machines and systems are networked. Due to the automatic and digital handling of production processes, information is transparent and available at any time, anywhere. The fourth industrial revolution has begun.
But what advantages does industry 4.0 really offer companies? And what can happen if cyber-criminals use total networking for their benefit?

The dawn of a new age

Let’s start with industry in its most original form: industry 1.0. For the first time, goods were produced with machines. In industry 2.0, electrical energy made mass production possible. Manufacturing processes automated by computer-aided electronics characterize industry 3.0.
Today, we speak of industry 4.0: The complete networking of production plants and systems via information and communication technology. Production machines communicate with each other and organize themselves. This makes the production more flexible, dynamic and efficient. The interconnectivity makes it possible to track the entire production life cycle.
Converting to a smart factory confronts many companies with challenges in terms of infrastructure and security. Networked sensors, machines and systems create new targets for cyber criminals. Infections with malware, extortion, break-ins via remote maintenance access and human misconduct are major threats to smart factories.
Industry 4.0 was the number one trend theme at Hannover Messe 2019.

Advantages of the industrial revolution

Let’s first take a look at the advantages of smart factories: One of the most notable advantages is process optimization. Networking makes information available in real time, so the use of resources can be checked more quickly and thus adapted more efficiently.
Each production step can be monitored, coordinated, and planned from any location. The exchange of information between the machines not only functions at the production site, but also worldwide. In this way, everyone involved in the production process can obtain information on the product from any location.
The transparency of the manufacturing processes enables companies to produce with more flexibility, because those involved have an overview of the production – processes can be adapted quickly and efficiently in the event of changes. In addition, the systems share information with the company’s employees – because people continue to play an important role, despite increasing digitalization.
Industry 4.0 creates enormous competitive advantages and growth opportunities for companies. According to the BDI (The Voice of German Industry), experts forecast productivity increases of up to 30 percent in 2025.
 

Intelligent sensors – the sensory organs of machines

 
Intelligent sensors are a prerequisite for a smart factory. They monitor and control processes and ensure reliability in production. In addition to recording measured variables, they must also process signals.
But what makes the sensor intelligent? Sensors of an industry 4.0 factory are connected to the hardware via IO-Link technology. This makes them active participants in the factory’s automation network. The smart sensor is equipped with special software that enables it not only to acquire data, but also to evaluate it. It only passes on the relevant data and functions as a sensory organ of the machines. For example, it can detect anomalies in the process caused by vibrations before any damage occurs to the production plant. The collected sensor data can be made available in a data pool such as the cloud.
Despite all the process optimizations that are possible, the connection of the sensors to the network is a weak point: a security gap that cyber-criminals can use for attacks.
 

The smart factory needs external IT infrastructures

 
In order for companies of any size to be able to use the full bandwidth of industry 4.0, high computing power is required. This is where cloud computing comes into play. With cloud computing, IT infrastructure does not run on local computers but in an outsourced, usually redundant network.
Especially in the context of industry 4.0, technologies such as the cloud are becoming indispensable for companies. Total networking and the use of smart sensors generate large amounts of data. The cloud enables companies to permanently access the collected data from the production process from any location. In industry 4.0, it serves as a platform for storing data in real time and offers companies worldwide secure networking of systems and facilities.
The data cloud has established itself in the IT environment. According to Bitkom, three-quarters of companies already use outsourced IT infrastructures because the cloud makes it easy to introduce new IT systems. Especially when entering industry 4.0, companies need flexible solutions for storing and processing their data.

The target of cyber-criminals: Attacks from inside and outside

The security aspect inhibits companies from entering industry 4.0 because the threats posed by cyber-attacks are no longer invisible. The World Economic Forum asked participants about the probability and influence of global threats – cyber-attacks find their place in both top 10 lists, alongside natural disasters, water crises and epidemics.
The networking of people and machines in the entire production process is increasing the attack surface for cyber-criminals. Technical, organizational, and human deficits in companies can open various doors for cyber-attacks.
External attacks usually take place via the Internet. Due to the initial connection of outdated IT systems to the internet, large security gaps arose that were undetected by cyber-criminals. Remote maintenance accesses can also create loopholes through which harmful data can enter. The consequences are devastating: hackers can manipulate the production, steal data, and blackmail companies. There is also a risk that cyber-criminals could gain access to the control of machines or paralyze the company’s internal energy network.
Internal security cannot be ignored either. Hackers take advantage of human vulnerabilities through social engineering and get employees to inadvertently introduce malware or ransomware into the corporate system via email. The malware is transferred to IT systems and spreads over the entire production process.
Cyber-criminals are becoming more creative, and the scale of their attacks, especially in networked systems, is increasingly devastating. In March, a cyber-attack was launched on the Norwegian aluminium group Norsk Hydro. Hackers introduced ransomware into the company’s IT systems. Because of the internal networking, IT systems of almost all business areas were affected and the global network was paralyzed. According to Spiegel Online, the company became a victim of the ransomware LockerGoga, which encrypted numerous files of the company.
The cyber-criminals demanded a ransom in the form of crypto-currency for the decryption. In order to protect itself against the spread of malware, the company switched the production to manual operation, which led to restrictions.
As a result of the hacker attack, Norsk Hydro suffered losses of over 30 million euros. However, the international aluminum producer is only one of many industrial companies: According to the IT association Bitkom, eight out of ten industrial companies in Germany fall victim to cyberattacks.
 

Security: the key to a successful entry into industry 4.0

 
In every tenth German company, half of all machines are already networked via the internet. But the vision of the fourth industrial revolution was built on old security protocols. To comprehensively protect smart, networked factories from cyberattacks, companies need a multi-level security concept that not only protects industrial networks, but also the cloud and the data volumes stored in it. The industry sector is an attractive target for cybercriminals because of its high economic power and its importance in the supply chain. Hackers use a large pool of attack vectors to penetrate the corporate system.
Email is also the main gateway in this area: It is the primary means of communication in companies worldwide. A professionally designed fraud mail is not easy to detect, and so access data or other sensitive information unintentionally leaves the company and ends up directly with the cybercriminals, who exploit it for further action. By paying more attention to the increasing global cybercrime activities, high financial losses and physical damage can be limited and prevented. All the reports of attacks on industrial enterprises show that digital progress does not only bring advantages; it is important to think about the resulting security gaps.

“For your safety” – Beware of fake ING-DiBa emails

Cybercriminals are currently trying to obtain sensitive data from ING-DiBa customers with dubious fake emails. The fake email claims that a problem has occurred during a routine security check of the online banking system. It advises that customers should immediately log on to an external website to avoid troubles with their bank.
However, in reality, this is a phishing attack that tries to collect personal information. In the following blog article, you will learn in detail how to protect yourself from fake emails or phishing attacks.

The fake email from our example

Figure: A German ING-DiBa fake email

The adjacent picture shows the detailed structure of the fake email – allegedly sent by ING-DiBa – in an iPhone mailbox. In fact, the email is part of a mass phishing attack and the message was sent fraudulently to a variety of email recipients.
For example, the subject line states “For Your Safety (Reference Number: xyz)”, and the presumably arbitrary character combination was set to “kx5qrvnzx3h” in this case. Before we redacted the personal information for reasons of data protection, we noticed that both the recipient’s address and the sender’s address had the same information. This was already a first indication of a fake email.
This scam is not uncommon amongst perpetrators when it comes to gathering information about their randomly selected victims via phishing. Those affected are especially inclined to follow the attached link if the phishing or fake email is opened on a mobile device, as it is in this case. This is particularly true if they are actual customers of the bank mentioned in the email.
In everyday life, too, recipients of phishing emails are quick to follow the link when receiving such an email. The attacker even offers the targeted person an appropriate option in case the recipient does not have an account with ING-DiBa. In our example, the recipient has the opportunity to follow a flashy red button and allegedly communicate that he is not a customer of ING-DiBa. The destination of the link, however, is a phishing website, which is intended to harvest user data on a large scale from the mostly unsuspecting victims. The fake security notification of ING-DiBa is not an isolated case.

6 tips to detect phishing or fake emails

With the following tips, you will be able to detect phishing or fake emails to protect yourself from being affected by such attacks.

Feature No. 1: The salutation

It is striking that either a standard phrase is used to address the target person, or the salutation is completely missing. Recipients of phishing emails are very rarely addressed by their full name. This is due to the fact that fake emails are not isolated cases, but often automated emails which are sent out millions of times. Individual salutations are rather the exception. In our example there was no salutation at all.
Once the victim has entered his details into the corresponding form fields and pressed the confirmation button, the cybercriminal is in possession of the login details. Now he can place orders in online shops under false names or get access to sensitive account or company data. The phishing attack has been successful.

Feature No. 2: Content of the email

A phishing mail is designed to hide its true intentions from the recipient, at least until he first clicks on one of the attached links. The following baits are very popular with cyber crooks:
  • Fake emails in the form of alleged PayPal security notifications
  • Phishing emails which seem to come from banks or other institutions
  • Fake email notifications that seem to come from Amazon or Ebay
  • Fake security issues in social media accounts that need to be resolved promptly
This shows that cybercriminals are very creative when it comes to fooling their victims.

Feature No. 3: The call to action

Once the attacker has created and sent out his fake email, he urges the recipient to act. In this specific case, the targeted person is initially led to an external page by clicking on a link. This page usually closely resembles the login area of a bank, an online retailer or any other company that offers certain Internet services.

Feature No. 4: The time shortage

An effective means often used by attackers is the limitation of time. This is an attempt to put the victim under stress and distract them. In our example, this is stated as follows: “Please log into your account as soon as possible to avoid any delay in your banking activities.”
Fear-spreading phrases in the subject line, such as “Your account has been suspended” or “An amount has been debited from your account” are also quite popular and common. These sentences cause some recipients to panic, so they follow the attached link without much thought.

Feature No. 5: Questionable buttons and links

In order to successfully carry out the process of phishing, a related link in text or button form is part of the standard repertoire of any phishing or fake email. This is also the case in our example.
Therefore, when it comes to questionable security queries that have a link, we recommend that you do not access these links from your email program. Instead, you should always directly log in to your user accounts via a browser or via the official website of the provider. This applies to online services of any kind.

Feature No. 6: This is how reputable companies and institutes work

As far as the detection of phishing emails or fake emails is concerned, it should always be remembered that reputable companies or institutes would never ask you to disclose personal information via email.
For this reason, various banks regularly point to the problem of fake emails or the so-called phishing mails. One bank states for example:
“Volksbank Raiffeisenbank or BVR will never ask bank customers for personal information such as PIN or account number via email. Neither will we insert a link to online banking in emails or ask bank customers to make test or remittance transfers. These practices are always indicators of attempted fraud.” (Source: Volksbank Raiffeisenbank)
Therefore, you can delete such an email immediately. This is ultimately the simplest way to counter a phishing attack.
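
Several of the indicators described above (identical sender and recipient address, missing or generic salutation, time pressure, links to hosts outside the provider's own domain) can be checked mechanically. The following Python code is an added example, not part of the original article and not a Hornetsecurity filter; the sample message, the `bank.example` domain and all function names are constructed assumptions.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed sample message (not the mail shown in the article). All
# addresses and hosts are placeholders under the reserved .example TLD.
SAMPLE = """\
From: Bank Security <victim@customer.example>
To: victim@customer.example
Subject: For Your Safety (Reference Number: kx5qrvnzx3h)
Content-Type: text/plain; charset=utf-8

A problem occurred during a routine security check of online banking.
Please log into your account as soon as possible to avoid any delay
in your banking activities: http://login.bank-check.example/session
"""

# Time-pressure phrases quoted in the article (Feature No. 4).
URGENCY = ("as soon as possible", "account has been suspended",
           "has been debited from your account")
GREETING = re.compile(r"^(dear|hello|hi|good (morning|afternoon|evening))\b", re.I)
GENERIC = re.compile(
    r"^(dear|hello|hi)\s+(valued\s+)?(customer|client|user|member|sir|madam)\b", re.I)
URL = re.compile(r"https?://[^\s<>\"']+", re.I)


def host_allowed(host, trusted_domains):
    """True if host is a trusted domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in trusted_domains)


def phishing_indicators(raw, trusted_domains):
    """Return a list of indicator codes found in a raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []

    # First indication from the article: sender and recipient are identical.
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    recipient = parseaddr(str(msg.get("To", "")))[1].lower()
    if sender and sender == recipient:
        findings.append("sender-equals-recipient")

    part = msg.get_body(preferencelist=("plain",))
    text = part.get_content() if part is not None else ""

    # Feature No. 1: salutation missing or only a standard phrase.
    first = next((l.strip() for l in text.splitlines() if l.strip()), "")
    if not GREETING.match(first):
        findings.append("no-salutation")
    elif GENERIC.match(first):
        findings.append("generic-salutation")

    # Feature No. 4: time pressure in subject or body (whitespace normalised
    # so that phrases broken across wrapped lines still match).
    haystack = " ".join(f"{msg.get('Subject', '')} {text}".lower().split())
    if any(phrase in haystack for phrase in URGENCY):
        findings.append("urgency")

    # Feature No. 5: links whose host is not the provider's own domain.
    for url in URL.findall(text):
        host = urlsplit(url).hostname or ""
        if not host_allowed(host, trusted_domains):
            findings.append(f"untrusted-link:{host}")
    return findings


if __name__ == "__main__":
    for finding in phishing_indicators(SAMPLE, {"bank.example"}):
        print(finding)
```

The suffix match in `host_allowed` requires a dot before the trusted domain, so the lookalike host `login.bank-check.example` is not accepted as belonging to `bank.example`.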


The forecast for resellers: bright and sunny thanks to the cloud!

The challenges are high but rewarding for system houses that focus on cloud-based services.

Some CEOs still believe that cloud computing is a side issue that only progresses slowly. In reality, cloud-based technology has progressed rapidly – it is already well-established in a large number of companies. And the market continues to grow. According to market researcher ISG, the German market for public cloud services has grown annually at about 26%. Resellers have already begun to feel the consequences of this development, especially those that still offer traditional IT services. They need to rethink their market strategy to keep pace with a shifting marketplace.

Many resellers are on the right track and have expanded their portfolios by including managed services like the Spamfilter Service or Advanced Threat Protection from Hornetsecurity. IT channels are also rapidly consolidating, as the buyout of Exabyters by Telcat proves (both are Hornetsecurity partners!). This merger represents the future of the IT channel, which constantly needs to find new fields of business and offerings. Telcat plans to take over Exabyters’ 30 employees and increase the managed service staff to 150 employees in the coming years.

Save costs, time and effort with cloud services

And there are good reasons for the growth of cloud-based solutions. Through cloud-based services, enterprises can drastically reduce both their internal hardware and software requirements, which saves IT administrators time and money. IT managers are now able to concentrate on their core competences and projects. They can also make their department more flexible by scaling their outsourced activities much more easily. Concerns that cloud services lead to a lack of data security and a loss of control are minimized by watertight contractual agreements and the continuing professionalization of the providers.

While companies largely benefit from cloud services, resellers seeking to reorganize their portfolio will face massive changes in their organization, logistics and processes. First, there is the change from typical contracts with an annual or even multiannual duration to monthly contracts. Consequently, the cashflow will naturally change from large single payments to small monthly payments. This adjustment holds some advantages, as there will be a steady regular cashflow.

Changes can be hard but rewarding

Beyond that, resellers need to bring their service mentality to the next level, as customers expect a higher service quality when using cloud-based services. For example, they demand a very high quality of service, which ideally is available 24/7 on both a technical and sales level. For this, server capacities need to be created or increased, and employees need to be trained for the new services and possibly work in shifts. So many challenges that require a huge amount of planning, assertiveness and even capital investment await resellers.

Nonetheless, the struggle can pay off. Simply relying on existing technologies and not preparing for the future has rarely paid off, although in the future there will remain niches that resellers could occupy. The cloud with all its disruptions of prevalent technologies cannot be stopped. Channel executives should not misjudge the situation, otherwise they will end like German emperor Wilhelm II, who is alleged to have said, “I believe in the horse. The automobile is only a temporary occurrence.”

Security breach in Microsoft Office – Hornetsecurity filters harmful documents

A short while ago, security experts discovered the security vulnerability CVE-2017-11882 in the Microsoft Office suite. Microsoft reacted quickly and closed the vulnerability with a security update. Due to the publication of the exploit, however, attackers are now aware of the vulnerability and target systems that haven’t been patched yet.

All Office versions besides Office 365 are affected by the vulnerability. It is located in Microsoft’s Equation Editor, which is a former version of the formula editor. The exploit uses a buffer overflow which allows the attacker to execute malicious code on the user’s system. Through this, it is possible to download malware from the Internet and install it.

Vulnerability existed for 17 years

The Equation Editor was compiled in 2000 and has never been updated since. Due to this, it does not fulfill current security standards and allows a buffer overflow to happen, which leads to the exploit. Even though the formula editor in question was replaced in Office 2007, it is still part of the package in order to ensure backward compatibility with older document versions, where the 17-year-old piece of software is needed to display and edit mathematical formulas.

The only interaction necessary for the exploit to be executed is for a user to open the infected document. After that, the malicious code is executed automatically. Only the protected view, the so-called sandbox of the Office programs, prevents its execution.

Hornetsecurity detects exploit in documents

Since the vulnerability was published, attackers are increasingly trying to distribute infected Office documents using the exploit. However, Hornetsecurity adapted its filters so it can detect infected documents before they appear in the mailbox. Nevertheless, we advise you to perform the security update as soon as possible.

Attack of the encryption trojan Bad Rabbit

Some time has passed since the last huge wave of ransomware attacks was detected. Now, a new type has appeared and it is causing considerable damage. The trojan was especially successful in Eastern Europe and Russia, where it infected several companies. But Germany has seen those attacks, too. The malware Bad Rabbit is named after a specific site in the darknet where the victims are supposed to pay the ransom. It encrypts local data and demands 0.05 Bitcoin to provide the decryption key. At recent exchange rates this amounts to 293 USD or 255 Euro.

Down the Rabbit-Hole

The crypto-trojan spreads mainly through compromised news sites. By using so-called watering hole attacks, the cyber criminals can target certain user groups and companies. If a user visits an infected website, an automated drive-by download is initiated and a forged Adobe Flash update is downloaded. As soon as this file is executed, Bad Rabbit enters the system and all data are encrypted after a forced reboot of the computer.
   
Figure: Payment page in the TOR network

Like WannaCry and Petya before it, Bad Rabbit can spread within a network. However, instead of using the EternalBlue exploit in version 1.0 of the SMB protocol, the malware infects other computers through the Windows Management Instrumentation (WMI). To prevent a local distribution of Bad Rabbit, it is advisable to deactivate WMI if it is not in use.

Hornetsecurity recognizes the malware and protects with URL rewriting

The URL rewriting feature of Hornetsecurity Advanced Threat Protection recognizes Bad Rabbit on compromised websites and blocks it. Using Hornetsecurity ATP, you can continue clicking on news links in your emails without fear of catching the malware.

Our recommendations

Nevertheless, we recommend that you create backups on a regular basis and do not download, let alone execute, unknown files. Adobe Flash updates in particular should only be downloaded from the software vendor itself. In case of an infection, do not pay the ransom, because it is unclear whether you will receive the keys necessary to recover your files.

Ransomware attacks and its consequences: How Cryptotrojans endanger the existence of companies

It should be well known by now that ransomware attacks can lead to extremely unpleasant consequences for affected companies. Yet only few people know that Trojans have already threatened the existence of some enterprises or even driven them into bankruptcy. This article will highlight possible worst-case scenarios of a ransomware attack by an encryption virus.

It must be the ultimate nightmare for every enterprise: an employee catches an encryption virus on his computer. After that, it does not take long before the encryption Trojan has spread throughout the whole company’s network.

Such a case happened to the biggest ocean carrier for container shipping worldwide: A. P. Møller Maersk. As the Danish group of companies communicated on Twitter, it had to undergo a massive global breakdown of its IT systems.

According to the German Federal Office for Information Security BSI (= Bundesamt für Sicherheit in der Informationstechnik), that malware was the Cryptotrojan Petya. A. P. Møller Maersk reacted immediately with a partial shutdown of complete systems. This became necessary as those responsible feared that the attack would have an impact on the navigation systems of the container ships and that their safety would be endangered by the Cryptotrojan. Although the exact economic damage still needs to be evaluated, the multi-day system outage will most likely have caused very high costs.

Ransomware attacks: which costs arise from an infection with a Cryptotrojan?

Experts estimate that the average downtime caused by a Cryptotrojan attack lasts between 9 and 16 hours (see “Second Annual State of Ransomware Report”). For big enterprises like A.P. Møller Maersk, such outage times can quickly sum up to several million Euros of damage, but smaller companies can also suffer immensely from those consequences. All in all, several cost factors play a role in restoring the operational systems and removing the Cryptotrojan.

First of all, there is the loss of data that arises if the affected company did not carry out regular backups in the past or made no backups at all. Editors of the study “Cost of Data Breach” estimated an average amount of 325 Euros for each data record lost in a ransomware attack. Thinking about thousands of lost records, one can easily imagine the possible cost level for such a huge data loss.

In addition, there are costs for analyzing the dimension of the attack. Above all, it has to be examined which units and data have been encrypted by which type of Cryptotrojan. Companies often consult teams of IT experts for extensive research that may last some days. The costs for this external service can easily shoot up to five-digit amounts.

Additional costs may arise, e.g. for lawyers and courts, public relations work and data recovery. Penalties may have to be paid to regulatory authorities, as well as hours of overtime for the employees. Experts have determined an approximate benchmark for hospitals, which have also been targeted by a Cryptotrojan. Within the first week of the attack alone, the estimated cost level for the damage could amount to values between 630,000 Euros and 1.3 million. Of course, the exact damage sum will depend on the hospital’s size and the availability of backups.

One-fifth of all enterprises declare insolvency after a Cryptotrojan attack

A ransomware attack may lead to a variety of possible effects for the companies concerned. Although most firms follow the experts’ advice not to pay the ransom demanded by hackers, there will be a number of negative consequences – no matter which decision might have been made.

According to an article on the IT platform “Gulli”, 20 percent of the companies targeted by a Cryptotrojan had to stop all operations temporarily. A further 15% suffered considerable loss of sales. Also, 25% of the companies were not able to identify the gateway. Therefore, the malware could easily spread over the complete network.

Only correct prevention can avoid trouble

Once malware like a Cryptotrojan has entered the company’s network, restoring the contaminated systems is expensive. The negative effects of a ransomware attack can only be avoided by adequate preventive measures. That’s why Hornetsecurity Advanced Threat Protection provides a whole bundle of safety mechanisms to protect against all types of targeted attacks as well as malware.