Complex industrial equipment attack
The core assets of manufacturers differ from those of other industries: in addition to common equipment such as PLCs and HMIs, there are specialized CNC machine tools, industrial robots, optical measurement systems, and so on. These assets usually have a complex system composition, many technical points, and proprietary programming environments. An industrial robot, for example, consists of a control system, a drive system, executive joints, and so on. It executes manufacturing tasks according to task procedures, which the control system decomposes into multiple execution steps (for example, "move right", "clamp open", "move down", "pick up") to complete the corresponding production process of the product. Each machine vendor has its own specialized language for programming tasks, such as ABB's Rapid, Comau's PDL2, Fanuc's Karel, Kawasaki's AS, Kuka Robotics Language (KRL), Mitsubishi's Melfa Basic, and Yaskawa's Inform. These industrial robot programming languages (IRPLs) are proprietary, and each language has a unique set of features.
IRPLs are very powerful: they allow programmers not only to write automation programs but also to read and write data from the network or files, access process memory, execute code downloaded dynamically from the network, and more. Such powerful programming features can be very dangerous if used improperly and without security awareness. For example, a worm can be programmed to spread itself among the robots in a network. After infecting a new robot, the worm starts scanning the network for other potential targets and uses the network to spread. The worm includes a file collection function to obtain sensitive data and files from infected robots. The following is an example of a network scan of the worm malware:
In addition, industrial robots have many vulnerabilities. One example is a directory traversal vulnerability, which allows an attacker to steal a log file that records the movements of a target robot and contains sensitive information such as intellectual property (for example, how the product is built), then access files in other directories (including files with authentication secrets), and finally use these files to access the control system. The following diagram shows a connection accessing a confidential file without verification.
The above uses only industrial robot systems to illustrate the possibility of attacks on complex industrial equipment in the manufacturing industry. Other key equipment, such as CNC machine tool systems and laser measurement systems, may likewise have vulnerabilities, or have its normal functions maliciously used, because of its powerful and complex functions.
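A defender-side check for the worm behaviour described above, as an added example that is not part of the original article: robot controllers normally talk to a small fixed set of peers, so a controller that contacts many hosts outside that baseline within a short window is worth an alert. The flow-record format, addresses, baseline and thresholds are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Constructed sample flow records (not real captures): "epoch_s src dst dport".
SAMPLE_FLOWS = "\n".join(
    # Robot .11 polling its PLC every 10 s: expected cell traffic.
    [f"{100 + 10 * i} 10.0.5.11 10.0.5.2 502" for i in range(12)]
    # Robot .12 touching eight different hosts within eight seconds.
    + [f"{130 + i} 10.0.5.12 10.0.5.{20 + i} 21" for i in range(8)]
    + ["malformed line"]
)

# Assumed baseline: the peers each robot controller is expected to talk to.
EXPECTED_PEERS = {"10.0.5.11": {"10.0.5.2"}, "10.0.5.12": {"10.0.5.2"}}


def parse_flows(text):
    """Yield (ts, src, dst, dport) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[0].isdigit() and parts[3].isdigit():
            yield int(parts[0]), parts[1], parts[2], int(parts[3])


def detect_fanout(flows, expected=EXPECTED_PEERS, window=60, max_new_peers=5):
    """Return {src: peak count} for sources that contact more than
    max_new_peers distinct non-baseline hosts within `window` seconds."""
    recent = defaultdict(deque)  # src -> (ts, dst) entries inside the window
    alerts = {}
    for ts, src, dst, _dport in sorted(flows):
        if dst in expected.get(src, ()):
            continue  # baseline peer, not counted as fan-out
        q = recent[src]
        q.append((ts, dst))
        while q and q[0][0] <= ts - window:  # evict entries older than window
            q.popleft()
        peers = len({d for _, d in q})
        if peers > max_new_peers:
            alerts[src] = max(alerts.get(src, 0), peers)
    return alerts


if __name__ == "__main__":
    for src, peak in detect_fanout(parse_flows(SAMPLE_FLOWS)).items():
        print(f"ALERT {src}: {peak} unexpected peers within 60 s")
```

A scan slower than the window stays under the threshold, so pair this with a plain alert on any connection to a host outside the baseline.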
Protection suggestion
The above analysis focuses on the most common types of attacks in the manufacturing industry. Manufacturers need to take protective measures in advance to deal with possible attacks. Here are some suggestions:
Strengthen employees' security awareness: organize relevant training to teach employees how to identify phishing, how to prevent it, and other related knowledge, and conduct phishing tests from time to time.
Introduce an equipment supply chain security assessment and management mechanism. For the various operating machines, IoT devices, and mobile devices used daily in the factory, assess their security before purchase or use, either yourself or by engaging professional security vendors; try to build vulnerability repair mechanisms with suppliers; and set security access thresholds for products.