Industry 4.0 – how secure is the production of the future?

The digital transformation is increasingly reaching the industrial sector: machines and systems are networked. Because production processes are handled automatically and digitally, information is transparent and available at any time, anywhere. The fourth industrial revolution has begun.

But what advantages does industry 4.0 really offer companies? And what can happen if cyber-criminals use total networking for their benefit?

The dawn of a new age

Let’s start with industry in its most original form: industry 1.0. For the first time, goods were produced with machines. In industry 2.0, electrical energy made mass production possible. Manufacturing processes automated by computer-aided electronics characterize industry 3.0.

Today, we speak of industry 4.0: The complete networking of production plants and systems via information and communication technology. Production machines communicate with each other and organize themselves. This makes the production more flexible, dynamic and efficient. The interconnectivity makes it possible to track the entire production life cycle.

Converting to a smart factory confronts many companies with challenges in terms of infrastructure and security. Networked sensors, machines and systems create new targets for cyber criminals. Infections with malware, extortion, break-ins via remote maintenance access and human misconduct are major threats to smart factories.

Industry 4.0 was the number one trend theme at Hannover Messe 2019.

Advantages of the industrial revolution

Let’s first take a look at the advantages of smart factories. One of the most notable advantages is process optimization: networking makes information available in real time, so the use of resources can be checked more quickly and thus adapted more efficiently.

Each production step can be monitored, coordinated, and planned from any location. The exchange of information between the machines not only functions at the production site, but also worldwide. In this way, everyone involved in the production process can obtain information on the product from any location.

The transparency of the manufacturing processes enables companies to produce with more flexibility, because those involved have an overview of the production – processes can be adapted quickly and efficiently in the event of changes. In addition, the systems share information with the company’s employees – because people continue to play an important role, despite increasing digitalization.

Industry 4.0 creates enormous competitive advantages and growth opportunities for companies. According to the BDI (The Voice of German Industry), experts forecast productivity increases of up to 30 percent in 2025.

 

Intelligent sensors – the sensory organs of machines

 

Intelligent sensors are a prerequisite for a smart factory. They monitor and control processes and ensure reliability in production. In addition to recording measured variables, they must also process signals.

But what makes the sensor intelligent? Sensors of an industry 4.0 factory are connected to the hardware via IO-Link technology. This makes them active participants in the factory’s automation network. The smart sensor is equipped with special software that enables it not only to acquire data, but also to evaluate it. It only passes on the relevant data and functions as a sensory organ of the machines. For example, it can detect anomalies in the process caused by vibrations before any damage occurs to the production plant. The collected sensor data can be made available in a data pool such as the cloud.

Despite all the process optimizations that are possible, the connection of the sensors to the network is a weak point: a security gap that cyber-criminals can use for attacks.

 

The smart factory needs external IT infrastructures

 

In order for companies of any size to be able to use the full bandwidth of industry 4.0, high computing power is required. This is where cloud computing comes into play. With cloud computing, IT infrastructures no longer run on local computers but in an outsourced, usually redundant network.

Especially in the context of industry 4.0, technologies such as the cloud are becoming indispensable for companies. Total networking and the use of smart sensors generate large amounts of data. The cloud enables companies to permanently access the collected data from the production process from any location. In industry 4.0, it serves as a platform for storing data in real time and offers companies worldwide secure networking of systems and facilities.

The data cloud has established itself in the IT environment. According to Bitkom, three-quarters of companies already use outsourced IT infrastructures because the cloud makes it easy to introduce new IT systems. Especially when entering industry 4.0, companies need flexible solutions for storing and processing their data.

The target of cyber-criminals: Attacks from inside and outside

The security aspect inhibits companies from entering industry 4.0 because the threats posed by cyber-attacks are no longer invisible. The World Economic Forum asked participants about the probability and influence of global threats – cyber-attacks find their place in both top 10 lists, alongside natural disasters, water crises and epidemics.

The networking of people and machines in the entire production process is increasing the attack surface for cyber-criminals. Technical, organizational, and human deficits in companies can open various doors for cyber-attacks.

External attacks usually take place via the Internet. Due to the initial connection of outdated IT systems to the internet, large security gaps arose that were undetected by cyber-criminals. Remote maintenance access can also create loopholes through which harmful data can enter. The consequences are devastating: hackers can manipulate the production, steal data, and blackmail companies. There is also a risk that cyber-criminals could gain access to the control of machines or paralyze the company’s internal energy network.

Internal security cannot be ignored either. Hackers take advantage of human vulnerabilities through social engineering, and make employees inadvertently infiltrate malware or ransomware into the corporate system via email. These are transferred to IT systems and spread over the entire production process.

Cyber-criminals are becoming more creative, and the scale of their attacks, especially in networked systems, is becoming increasingly devastating. In March, a cyber-attack was launched on the Norwegian aluminium group Norsk Hydro. Hackers introduced ransomware into the company’s IT systems. Because of the internal networking, IT systems of almost all business areas were affected and the global network was paralyzed. According to Spiegel Online, the company became a victim of the ransomware LockerGoga, which encrypted numerous files of the company.

The cyber-criminals demanded a ransom in the form of crypto-currency for the decryption. In order to protect itself against the spread of malware, the company switched production to manual operation, which led to restrictions.

As a result of the hacker attack, Norsk Hydro suffered losses of over 30 million euros. However, the international aluminum producer is only one of many industrial companies: According to the IT association Bitkom, eight out of ten industrial companies in Germany fall victim to cyberattacks.

 

Security: the key to a successful entry into industry 4.0

 

Half of all machines in every tenth German company are already networked via the internet. But the vision of the fourth industrial revolution was built on old security protocols. To comprehensively protect smart, networked factories from cyberattacks, companies need a multi-level security concept that not only protects industrial networks, but also the cloud and the data volumes stored in it. The industry sector is an attractive target for cybercriminals because of its high economic power and its importance in the supply chain. Hackers use a large pool of attack vectors to penetrate the corporate system.

Email is also the main gateway in this area: it is the primary means of communication in companies worldwide. A professionally designed fraud mail is not easy to detect, and so access data or other sensitive information unintentionally leaves the company and ends up directly with the cybercriminals, who exploit it for further action. By paying more attention to the increasing global cybercrime activities, high financial losses and physical damage can be limited and prevented. All the reports of attacks on industrial enterprises show that digital progress does not only bring advantages; it is important to think about the resulting security gaps.

Hornetsecurity releases new feature for protection against encrypted malware attachments

Hanover (01.07.2019) – With the help of encrypted email attachments, cyber criminals are currently trying to circumvent classic antivirus programs. Encryption prevents filter mechanisms from detecting the underlying malware. Since the beginning of the year, for example, the ransomware GandCrab has been spreading this way. In view of the increasing threat situation, the cloud security provider Hornetsecurity has developed a unique feature that recognizes this procedure and blocks the malicious email before it arrives in the email inbox.

“Nowadays, companies are investing much more in IT security than they did 5 years ago. Through AI and other intelligent defense mechanisms, attackers can no longer reach their target with simple methods. Therefore, cybercriminals are increasingly developing more detailed strategies to circumvent these mechanisms. Hornetsecurity technology enables us to react to targeted attacks at any time”, says Daniel Hofmann, CEO of Hornetsecurity. “With the new function Malicious Document Decryption we react quickly to the systematic approach of cybercriminals. The capabilities of Malicious Document Decryption are unique to the market.”

The fraud email contains the corresponding password in plain text, so that the selected recipients can open the encrypted document, which then installs the underlying malware unnoticed in the system.
Malicious Document Decryption analyzes the content of incoming emails with encrypted attachments for the appropriate password to remove the encryption. Using static and dynamic analysis techniques, the behavior of the decrypted file is examined. This ensures that the underlying malware is detected immediately and does not reach the recipient’s email inbox.

The new feature is part of the Advanced Threat Protection service and complements the protection for secure email communication against particularly intelligent and systematic cyber attacks. Hornetsecurity customers who already use the ATP service can rest assured: The feature was already integrated and activated in the service for all ATP users since the beginning of June.

About Hornetsecurity:

Hornetsecurity is the leading German cloud security provider in Europe, which protects the IT infrastructure, digital communication and data of companies and organizations of all sizes. The security specialist from Hanover provides its services worldwide via 9 redundantly secured data centers. The product portfolio covers all important areas of email security, including spam and virus filters, legally compliant archiving and encryption, as well as defense against CEO fraud and ransomware. With around 200 employees, Hornetsecurity is represented globally at 10 locations and operates in more than 30 countries through its international distribution network. The premium services are used by approximately 40,000 customers including Swisscom, Telefónica, KONICA MINOLTA, LVM Versicherung, DEKRA, Claas, and the Otto Group.

Hornetsecurity mobile – on the move with the Progressive Web App

In recent years, the number of apps downloaded from app stores to mobile devices has steadily decreased. According to a forecast by the IT consulting firm Gartner, half of all apps used in 2020 will be Progressive Web Apps (PWA). Hornetsecurity reacted to this trend and released a Progressive Web App for the Hornetsecurity Control Panel.

A Progressive Web App is a combination of a responsive website and a native app. Since February 2019, a Progressive Web App has been available to all Hornetsecurity customers, enabling them to access the control panel from a mobile device in a simple way. Since the release of the control panel version 6.5.2.0 at the end of June 2019, the Progressive Web App has also been available as a white label version with which Hornetsecurity customers and partners who have booked the white label option can customize the app name, icon and splash screen.

Advantages of the Progressive Web App from Hornetsecurity

With the Progressive Web App, it is possible to create an icon on the home screen, allowing easy access to the control panel. In comparison to a responsive website, the Control Panel does not have to be opened in a browser but is accessed directly by clicking on the icon. With the white label version, the icon, app name and logo on the splash screen can also be adapted to the company’s design.

Another advantage is that, unlike native apps, the Progressive Web App does not need to be downloaded and therefore does not consume any storage capacity on the mobile device. The Progressive Web App software also updates automatically. Furthermore, the use of the Progressive Web App saves time, as the user name and password can be saved and thus prevent the time-consuming, repeated input of user data.

So, if you want to access the control panel quickly and conveniently from home or on the train, install the Progressive Web App and benefit from better usability.

How to

1. Open the Internet browser on your smartphone and enter “cp.hornetsecurity.com” in the address bar.
2. At the bottom of your browser, a pop-up opens with the instructions for installing the Web App.
3. After installing the Web App on your home screen, open the app and log in with your login data.

ATP update – Introducing the new feature Malicious Document Decryption

In order to spread ransomware, viruses or spyware into the systems of companies and organizations, cybercriminals are constantly developing new methods: Now they are focusing on a simple but very effective way, in which their distributed malware attached to an email can bypass antivirus scanning. The infected attached document is encrypted with a password, which prevents the filtering mechanisms of antivirus programs from detecting the hidden malware.
The current threat situation requires an update of the existing filtering mechanisms: “Malicious Document Decryption” fulfills these requirements perfectly.

Just a few weeks ago, we reported about a “fake application mail” campaign that targeted HR departments in companies. This attack was performed by the ransomware GandCrab 5.2. The Hornetsecurity Security Lab still detects incoming malicious emails with encrypted and malware-infected attachments. The password for the decryption of the malicious file is visible to the recipient in the message of the email. However, decrypting the attachment downloads the hidden virus and infects the computer system.

“Malicious Document Decryption” adds another elementary feature to Advanced Threat Protection to prevent the increasing threat of hidden malware. Emails with encrypted attachments are analyzed for their potential passwords within the email in order to decrypt the attachment in the sandbox. The file is then scanned using static and dynamic analysis methods and the behavior of the file is examined during execution. This makes it possible to detect malware in encrypted files and block the corresponding emails before they reach the recipient.

The “Malicious Document Decryption” feature decrypts all encrypted Microsoft Office file types and will be extended to decrypt PDF and archive files (RAR, ZIP, etc.).
Since the beginning of June, “Malicious Document Decryption” has been included in the ATP service and is already activated for all existing ATP customers.
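
The first stage of the approach described above and in the press release earlier on this page (an encrypted attachment whose password sits in the message text), as an added example; it is not Hornetsecurity's implementation. The keyword list, verdict labels and stub attachments are assumptions, and the check covers only password-protected OOXML files, which Office stores as an OLE container holding an `EncryptedPackage` stream.

```python
import re
from email.message import EmailMessage

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")              # OLE compound file signature
ENCRYPTED_STREAM = "EncryptedPackage".encode("utf-16-le")  # stream name as stored in the OLE directory
# Assumed keyword list; captures the token that follows "password", "password is:", "pw =" ...
PASSWORD_HINT = re.compile(
    r"\b(?:password|passwort|kennwort|pw)\b(?:\s*(?:is|:|=))*\s*[\"']?([^\s\"']{4,64})",
    re.IGNORECASE,
)

# Constructed stubs: only the bytes the heuristic looks at, not real documents.
ENCRYPTED_STUB = OLE_MAGIC + b"\x00" * 64 + ENCRYPTED_STREAM + b"\x00" * 32
PLAIN_STUB = OLE_MAGIC + b"\x00" * 96


def looks_encrypted_office(data: bytes) -> bool:
    """Heuristic: OLE container that carries an EncryptedPackage stream."""
    return data.startswith(OLE_MAGIC) and ENCRYPTED_STREAM in data


def candidate_passwords(text: str) -> list:
    """Collect tokens announced as a password, in order, without duplicates."""
    found = []
    for match in PASSWORD_HINT.finditer(text):
        token = match.group(1).rstrip(".,;!")
        if token and token not in found:
            found.append(token)
    return found


def triage(msg: EmailMessage) -> dict:
    """Decide how a mail with attachments should be handed to the scanner."""
    body_part = msg.get_body(preferencelist=("plain",))
    body = body_part.get_content() if body_part is not None else ""
    encrypted = [
        part.get_filename() or "(unnamed)"
        for part in msg.iter_attachments()
        if looks_encrypted_office(part.get_payload(decode=True) or b"")
    ]
    passwords = candidate_passwords(body) if encrypted else []
    if encrypted and passwords:
        verdict = "decrypt-in-sandbox"      # try the candidates, then analyse the plaintext
    elif encrypted:
        verdict = "hold-unscannable"        # content cannot be inspected
    else:
        verdict = "scan-normally"
    return {"verdict": verdict, "encrypted_attachments": encrypted,
            "candidate_passwords": passwords}


def build_sample(body: str, attachment: bytes, filename: str = "application.docx") -> EmailMessage:
    """Build a constructed test message (addresses use the reserved .invalid TLD)."""
    msg = EmailMessage()
    msg["From"] = "applicant@sender.invalid"
    msg["To"] = "hr@example-corp.invalid"
    msg["Subject"] = "Application"
    msg.set_content(body)
    msg.add_attachment(attachment, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg


if __name__ == "__main__":
    body = "Dear HR team,\nplease open my application. Password: Bewerbung2019.\n"
    print(triage(build_sample(body, ENCRYPTED_STUB)))
    print(triage(build_sample("Dear HR team,\nsee attachment.\n", ENCRYPTED_STUB)))
    print(triage(build_sample(body, PLAIN_STUB)))
```

Candidate passwords are only ever tried inside the sandbox, so a false candidate costs one failed decryption attempt rather than a missed detection.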

Social engineering – How hackers get at your data without programming skills

“There’s no technology today that can’t be overcome through social engineering.” (Kevin Mitnick, former hacker and social engineering expert)

Even with the best technical security precautions, every company has a risk factor that is difficult to control: the human one. To get hold of important data or gain access, a hacker needs to understand not only computers but also people. What exactly is social engineering and how can you protect yourself? We will answer key questions about this in the article below.

What’s behind “social engineering”

Social engineering is all about manipulating individuals on an interpersonal level. It involves the hacker trying to gain their victim’s trust and persuade them to reveal confidential information, for example, or to share credit card details and passwords.

The method is not something that only occurs on the Internet, but a scam tactic that has been used for many decades. One of the best-known ploys is the “grandparent” scam, where a fraudster telephones an elderly person and passes themselves off as a relative in desperate need of money (German police program for crime prevention, 2017).

Criminals also regularly use social engineering for financial gain through online dating services. A seemingly young, attractive woman will contact a man who is obviously looking for a new partner. The imposter plays their single-woman-in-love role well enough to win the victim’s trust in a relatively short time. Then the criminal asks the victim to help them with money for something like visiting their “new partner” – after which they often cut off contact.

Social engineering attacks on companies

If social hacking works in the private sphere, then businesses are the next target up for criminals – chiefly because there are often higher sums of money up for grabs here. Hackers follow much the same approach as with private individuals, although obtaining the information needed for a professional attack takes significantly more time. This makes the following information especially relevant for cybercriminals:

  • Who is the head of the company (CEO) and which individuals are in leadership positions?
  • Who is authorized to make bank transfers?
  • When is the CEO on vacation or out of town for a work trip?
  • What business activities are currently happening?

Hackers will usually target an employee who is authorized to carry out financial transactions, sending them an urgent message from a fake email address that looks like it has come from the boss.

Due to the apparent urgency of the request, the email recipient then finds themselves rushing to follow their superior’s instructions without asking any significant questions. Once the data has been sent, the cybercriminal goes straight to work or money is transferred directly to the social hacker’s account. In 2016, large enterprises like Austrian aeronautics supplier FACC and Nuremberg-based cable manufacturer Leoni learned hard financial lessons about this modus operandi when they suffered losses of several million euros.

But be warned – CEOs and people in accounting are not the only ones who are vulnerable:

“Hey,
Felix from IT here. I’ve noticed a couple of irregularities with your account on our system. Can you give me your login details so that I can check it out?

Regards, Felix”

How would you react to a message like this? Would you reply? You may not know everyone in IT, but Felix appears to be a coworker and looking to help you safeguard internal IT security.

In large firms especially, most employees will not be familiar with the whole IT team. Anyone trusting such an email makes it possible for sensitive data to be stolen and puts many other areas of a business besides IT security at immense risk.

Phishing: the impersonal form of social engineering

A less laborious type of social engineering is the classic phishing email. This usually involves fake PayPal emails containing a link to a simulated website so much like the original that it is difficult to notice any deception. The email will ask people to update or verify their login details on this website, but doing so delivers the data directly into the hands of the scammers.

Unlike a personalized email, these messages are highly generic. The classic phishing email is based on a simple and less costly method, which means huge volumes of emails are sent. Even if only a fraction of the recipients fall for the ruse, hackers will have found the social engineering attack worthwhile.

Social engineering needs no programming expertise

Technical obstacles are overcome simply by employing psychological tricks, with hackers exploiting people as the weakest link in the IT security chain. Even the most secure vault in the world can be opened if the access details are handed over to unauthorized individuals. This saves the criminal a great deal of technical effort and lessens the chance of them being detected by IT security measures.

If you had replied to the email from Felix above, the hacker would have infiltrated the company network within a few minutes. No effort, no programming skill, no great risk. Criminals leverage employees’ fundamental trust and curiosity in order to steal data or money.

How can I protect myself and my company against social engineering?

Organize preventive training sessions on a regular basis to educate yourself and your colleagues about the dangers of fake emails. Regular information emails can also help to raise awareness of the issue.

As long as criminals have not gained access to an employee’s or the CEO’s email account, there are several different ways to recognize fake emails:

  • Verify the sender address: Check the sender address carefully. Is the email address really correct? Have any letters been swapped, maybe? Or an upper-case I replaced with a lower-case L? There will often be an automatically generated and untraceable second email address behind the first one. If you think an email is suspicious, you can take a closer look at the header. Information like the actual sender and the server that the message was sent from can all be found in an email’s header. In most cases, the sender is the clearest criterion for identifying a fraud attack.
  • Check first hand: Contact colleagues directly if you’re unsure. Call the person in question or speak with them face to face.
  • Rhetoric: With CEO fraud attacks especially, it is important not to let yourself be intimidated. Ask yourself whether the boss really wants to transfer €20,000 into an unknown account without anyone’s knowledge. Or consider whether your IT colleague Felix could in fact have noticed “unusual activity” and why that would make him require your login anyway. And even as a private individual – if you receive a surprising email from a company where you are a customer, it can help to make a brief call to their support team.
  • Pay attention to spelling mistakes: Phishing emails, in particular, are full of misspelled words; from an incorrectly written name to sloppy language that suggests the text was not written by a native speaker but perhaps translated by automated language software.
  • Don’t click on links directly: If the content of an email leaves you in any doubt, the best thing is not to click on any links inside it and instead to access the website concerned directly through your browser. For example, if Amazon asks you to update your details, then you should go directly to Amazon.com and look for a corresponding message there. If there is nothing to be found, you have likely received a phishing email.
  • Hover over links: Before you open a link, mouse over it. With most browsers, a small window will open in the bottom left. This is the URL which will be accessed when the link is clicked. Checking the URL provides information about the true destination of the displayed web address.
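
Several of the checks in the list above (swapped or look-alike letters in the sender address, a second address hidden behind the displayed one, a link whose real target differs from what is shown) can be automated. The following is an added example, not part of the original article; the trusted domain, the character substitutions and the sample messages are assumptions constructed for illustration.

```python
import re
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED_DOMAINS = {"example-corp.com"}   # assumption: the organisation's real mail domain
CONFUSABLES = str.maketrans({"I": "l", "1": "l", "0": "o"})   # assumed look-alike pairs
ADDRESS_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
URLISH_RE = re.compile(r"^(?:https?://)?[\w-]+(?:\.[\w-]+)+(?:[/?#]\S*)?$", re.IGNORECASE)


def skeleton(domain):
    """Fold look-alike characters so 'exampIe' (capital I) equals 'example'."""
    return domain.translate(CONFUSABLES).lower().replace("rn", "m")


def is_adjacent_swap(a, b):
    """True if a and b differ only by one pair of neighbouring characters swapped."""
    if len(a) != len(b):
        return False
    diff = [i for i in range(len(a)) if a[i] != b[i]]
    return (len(diff) == 2 and diff[1] == diff[0] + 1
            and a[diff[0]] == b[diff[1]] and a[diff[1]] == b[diff[0]])


def sender_findings(from_header):
    """Check a From header for a look-alike domain and a misleading display name."""
    findings = []
    display, address = parseaddr(from_header)
    domain = address.rpartition("@")[2]
    if domain.lower() not in TRUSTED_DOMAINS:
        for trusted in sorted(TRUSTED_DOMAINS):
            if skeleton(domain) == skeleton(trusted) or is_adjacent_swap(domain.lower(), trusted):
                findings.append(f"lookalike sender domain: {domain} imitates {trusted}")
    shown = ADDRESS_RE.search(display)
    if shown and shown.group(0).lower() != address.lower():
        findings.append(f"display name shows {shown.group(0)} but sender is {address}")
    return findings


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Host name of a URL, accepting text without a scheme such as 'www.x.com/a'."""
    if "://" not in url:
        url = "//" + url
    return (urlsplit(url).hostname or "").lower()


def link_findings(html_body):
    """Report links whose visible text names one host but whose href opens another."""
    parser = LinkCollector()
    parser.feed(html_body)
    return [f"link text shows {host_of(text)} but opens {host_of(href)}"
            for href, text in parser.links
            if URLISH_RE.match(text) and host_of(text) != host_of(href)]


# Constructed sample body: the first link shows one host and opens another.
SAMPLE_HTML = (
    '<p>Please verify: <a href="http://portal.example-corp.com.account-check.invalid/login">'
    'https://portal.example-corp.com/login</a></p>'
    '<p><a href="https://portal.example-corp.com/help">Help</a></p>'
)

if __name__ == "__main__":
    for line in sender_findings("Felix IT <felix@exampIe-corp.com>") + link_findings(SAMPLE_HTML):
        print(line)
```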

Google phishing quiz: Your free awareness check

A few weeks ago, Google created a security quiz in response to the sharp growth in phishing attacks. This quiz challenges you to try and spot a phishing email. Can you see through any social engineering attack? Find out now!

Additional safeguards with Hornetsecurity Advanced Threat Protection

Classic phishing emails will generally be identified and weeded out immediately by a good spam filter. A personalized social engineering attack, however, is not much different from a perfectly ordinary email. These unwanted emails will therefore end up in your inbox in spite of spam filtering.

Advanced Threat Protection goes a step further: various deep filters and heuristic detection mechanisms will uncover almost any fake email. With the help of AI, the filter learns from every attack and thus improves its detection rate on a daily basis. Advanced Threat Protection covers many of the above points completely automatically.
Ultimately, though, you should always question every email and be cautious about sharing data.

Blockchain explained easily

Over and over again in recent times the subject of blockchains has made the headlines. Probably the best-known representative of this technology is the Bitcoin cryptocurrency. Yet the uses to which a blockchain can be put are more diverse and are hotly discussed in the financial and insurance industries and in IT. So what exactly is a blockchain and what is the technology behind it? This blog entry looks at this question and goes on to examine the advantages that blockchains bring and the scenarios in which they can be used.

What is a blockchain?

A blockchain is essentially a decentralized digital database for the storage of data. This technology can be used to perform what are known as transactions and to verify and automate them. Transactions are data collections that are distributed to all participants (or ‘nodes’) within a particular network and subsequently collected together in blocks.

The origin of the name ‘blockchain’ is as follows. A ‘block’ is a body of stored transactions, while a ‘chain’ is formed by stringing together a number of blocks. The result is a ‘blockchain’ that is formed of multiple information blocks and is further extended by additional blocks. When this happens, the new block is always attached to the most recent block of the existing chain.

How does a blockchain work?

The individual blocks of a blockchain are created in a decentralized peer-to-peer network by means of a process called ‘mining’. In mining, transactions are verified by a consensus mechanism, validated and then joined together to form a block. The block thus formed is then chained to the existing blockchain.

The most common consensus mechanism is the ‘proof of work’ algorithm. This is used in the Bitcoin blockchain, for example, and serves to ensure that a consensus prevails in the affected network about an identical version of the blockchain. To generate a new block, the miners must use a mathematical function, known as the hash function, to find the correct outcome for a given character string. This is done by entering various values into the hash function. The outcome of this function is predetermined, but no conclusions can be drawn from it about the values that produce it, which is why the miners have to try out values. If the predetermined outcome and the result of the hash function employed are identical, the newly formed block is accepted and adopted by all nodes of the network.

The data of a blockchain is redundant and secure, since the data is stored on all the nodes within the network. As a result, the failure of one or more nodes does not pose the hazard of potential loss of data. Data contained within a blockchain can be neither changed nor deleted. Any manipulation would result in all subsequent blocks being invalid.
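
The chaining and proof of work described above, as an added example (not code from the original post or from any real blockchain client). The leading-zeros difficulty rule, the block fields and the sample transactions are simplifying assumptions; Bitcoin, for instance, requires the hash to fall below a numeric target rather than match one fixed value.

```python
import hashlib
import json

DIFFICULTY = 3           # assumption: hash must start with this many zero hex digits
GENESIS_PREV = "0" * 64  # assumption: placeholder "previous hash" for the first block


def block_hash(index, prev_hash, transactions, nonce):
    """SHA-256 over a canonical JSON encoding of the block's contents."""
    payload = json.dumps(
        {"index": index, "prev": prev_hash, "tx": transactions, "nonce": nonce},
        sort_keys=True,
    ).encode()
    return hashlib.sha256(payload).hexdigest()


def mine_block(index, prev_hash, transactions, difficulty=DIFFICULTY):
    """Proof of work: try nonces until the block hash meets the difficulty rule."""
    nonce = 0
    while True:
        digest = block_hash(index, prev_hash, transactions, nonce)
        if digest.startswith("0" * difficulty):
            return {"index": index, "prev": prev_hash, "tx": transactions,
                    "nonce": nonce, "hash": digest}
        nonce += 1


def build_chain(batches, difficulty=DIFFICULTY):
    """Mine one block per batch of transactions, each linked to its predecessor."""
    chain, prev = [], GENESIS_PREV
    for index, transactions in enumerate(batches):
        block = mine_block(index, prev, transactions, difficulty)
        chain.append(block)
        prev = block["hash"]
    return chain


def first_invalid_block(chain, difficulty=DIFFICULTY):
    """Verify as a node would; return the index of the first bad block, or None."""
    prev = GENESIS_PREV
    for block in chain:
        digest = block_hash(block["index"], block["prev"], block["tx"], block["nonce"])
        if (block["prev"] != prev                              # link to predecessor broken
                or digest != block["hash"]                     # contents changed after mining
                or not digest.startswith("0" * difficulty)):   # no valid proof of work
            return block["index"]
        prev = block["hash"]
    return None


if __name__ == "__main__":
    # Constructed sample transactions.
    chain = build_chain([["A pays B 5"], ["B pays C 2"], ["C pays A 1"]])
    print("intact chain:", first_invalid_block(chain))

    chain[1]["tx"] = ["B pays C 200"]   # tamper with block 1
    print("after edit:", first_invalid_block(chain))

    # Redoing the work for block 1 gives it a new hash, so block 2's link breaks.
    chain[1] = mine_block(1, chain[0]["hash"], chain[1]["tx"])
    print("after re-mining block 1:", first_invalid_block(chain))
```

Someone altering block 1 therefore has to redo the work for every later block as well, which is what makes manipulation visible to the other nodes.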

What types of blockchain are there?

Blockchains can basically be divided into three main types: public, private and consortium or federated. There are also other mixed forms that are not examined in this entry.

Public blockchain

In a public blockchain, the network is entirely decentralized. There is no central point of responsibility, so that everybody in the blockchain participates on all nodes of the network and can access the blockchain data distributed within it. Before a new transaction can be added to a block, it must be verified and synchronized by every node. This type is therefore relatively slow and resource-intensive. Public blockchains are often used with cryptocurrencies such as Bitcoin or Ethereum. All nodes within the network agree on the transactions. They therefore decide which transactions are included in a new block and added to the chain.

Private blockchain

In this type there is a responsible party that operates the blockchain and undertakes the verification of the transactions. The responsible party can be a person or a company. This party also decides who may perform actions such as reading or writing. This form of blockchain has a higher level of data protection than the public variant, but it loses the fundamental notion of decentralization. The private blockchain is suitable for companies that do not wish to make their data freely accessible. Daimler and LBBW tested the use of a private blockchain in a pilot project for processing a bonded loan, from initiation through placement, allocation and conclusion of contract through to the interest payment and repayment confirmations.

Consortium or federated blockchain

This is an extension of the private blockchain in which responsibility for the blockchain is shared among several parties. For example, a group of persons or companies can share in the responsibility for verification of transactions and distribution of access rights.

A consortium blockchain is faster than the public type, but unlike a private blockchain, is not dependent on a single person or company. Since a number of participants are involved who must decide on the transactions to be performed, wrong decisions, fraud attempts and the like are also less likely to occur. Consortium blockchains are likewise suitable for companies and are used in the banking industry, for example. Here there are alliances of multiple companies.

Within these alliances are what are known as ‘smart contracts’. Here a supplier, say, is automatically paid once he has supplied the correct quantity at the agreed time.

Use of blockchains in IT security

Blockchain technology can be used in a wide range of scenarios. In cyber security, the risk of cyberattacks can be minimized by means of secure encryption mechanisms. Data that has been verified in a consensus mechanism can then no longer be altered. The redundant infrastructure of a blockchain increases the failure safety of sensitive data and constantly increases user acceptance in the company.
