Modern cyber criminals will leave no hardware unturned when it comes to penetrating target networks. According to Verizon’s 2018 Data Breach Investigation Report, external hackers accounted for 89 percent of all attacks against manufacturing organizations. This is a perfect example of how some sectors can be more vulnerable than others. Back offices in factories and manufacturing facilities often host several legitimate – and likely, neglected – attack vectors that malicious actors can infiltrate to make lateral movements through an organization’s network, and even onto the manufacturing floor.
In a recent guest column for IndustryWeek, WatchGuard CTO Corey Nachreiner outlined five outdated technologies that hackers can use to infiltrate manufacturers’ networks. Following is an excerpt from the article that covers a few of these potential weak spots:
- Video Conference Systems – The level of security found in conference room video systems can be pretty low and although the technology is used frequently for meetings and calls as part of most day-to-day company operations, it can easily be neglected and therefore left vulnerable. Smart cybercriminals can actively look for opportunities to hack video conferencing systems connected to public Wi-Fi networks. Video conference systems are a prime target for hackers, as they can exploit the hardware’s vulnerabilities to spy on highly confidential conversations and company meetings. For this reason, manufacturing companies are urged to create private networks for conference rooms and only connect them to public internet connections when absolutely necessary. If your conferencing system must go online, you should again consider VPN and additional authentication mechanisms to secure that connection. The rule about changing factory-set passwords also applies here, as it does for any IoT device you install.
- Ventilation, Heating and Cooling Systems – A breached ventilation, heating or cooling system can evolve into an attack severe enough to cause a company’s entire sales operation to collapse, as was seen in the Target breach. These systems are often installed by people with limited IT experience, which makes them a more likely place for hackers to find an entry point into a company’s network. Testing IoT devices and sensors before installation, assigning unique passwords, protecting their often web-based management systems, and regularly updating software updates are important steps toward preventing compromise.
For more on the other three back office technologies at manufacturing organizations that are often overlooked and unsecured, read the complete story in IndustryWeek. To learn about a new malware variant that was just recently discovered targeting business meeting rooms and IoT devices, check out this Daily Security Byte here on Secplicity.