As the lines between IT and operational technology (OT) networks continue to blur in a rapidly digitizing industrial sector, new vulnerabilities and threats are undermining the conventional OT security measures that once isolated and protected physical processes from cyberattacks, Dark Reading reports.
Two new separate sets of research published this month highlight the real, hidden dangers to physical operations in today’s OT networks from wireless devices, cloud-based applications, and nested networks of programmable logic controllers (PLCs).
The research team from Forescout Technologies was able to bypass the safety and functional fences in the OT network and move laterally into different network segments at the lowest levels of the network. They exploited two recently disclosed vulnerabilities in the Schneider Modicon M340 PLC that they discovered – a flaw in remote code execution (RCE) and an authentication bypass vulnerability – to break into the PLC and move to the next level of attack by targeting the PLC’s connected devices to manipulate them and perform nefarious physical operations.
The highly sophisticated attack sequence that the researchers demonstrated with a proof-of-concept (PoC), which they acknowledged would require the technical skills and resources of nation-state attackers, is in stark contrast to a relatively new hack that another group of researchers performed. Both of these separate sets of OT attack discoveries poke holes in traditional assumptions about the inherent security of lower layers of OT networks.
In the second batch of research, a team at ICS security provider Otorio found some 38 vulnerabilities in products including cellular routers from Sierra Wireless and InHand Networks, and a remote access server for machines from ETIC Telecom. A dozen other bugs remain in the disclosure process with the affected vendors and were not named in the report.
The flaws include two dozen Web interface bugs that could give an attacker a direct line of access to OT networks.
As for the wireless access point vulnerabilities and attacks, the researchers recommend disabling weak encryption in wireless access devices, not exposing wireless devices publicly or at least whitelisting authorized devices, and ensuring strong authentication for IP-based devices.
Tom Winston, director of intelligence content at Dragos, says wireless access points in the industrial network should use multifactor authentication.