Breach of Rust: How Hackers Break in through Old Tech

In 2010, the infosecurity community identified an extremely sophisticated computer worm capable of propagating at an unprecedented rate and exploiting several previously unknown Windows zero-day vulnerabilities. Stuxnet, as the worm was infamously dubbed, proved that a malicious actor could directly infect the programmable logic controllers (PLCs) of actual equipment used in manufacturing (in this case, a centrifuge used to manufacture weaponizable grade uranium). Without some precautions, this same type of attack could be adapted to target any PLC and software-controlled device on a manufacturers' factory floor.

Today, the number of cyberthreats specifically targeting manufacturers continues to climb. Just last year, nearly half of manufacturing companies in the UK reported that their organizations had fallen victim to cybercrime, making manufacturing one of the top three most targeted sectors for cybercriminals. Furthermore, modern manufacturers operate with a complex combination of systems and platforms of varying ages and degrees of specialization. Compounded by both active and residual complications brought on by the shift to Industry 4.0, provisioning reliable security across entire hyperconnected and increasingly complex company networks has become a daunting task for IT teams industrywide.

According to Verizon's 2018 Data Breach Investigation Report, 47% of all attacks in manufacturing involved the theft of intellectual property, with 66% of attacks happening from hacking and 34% from malware. In fact, the same report found that external hackers accounted for 89% of all attacks in manufacturing. Considering these figures, it's safe to assume that cyber criminals will leave no hardware unturned when it comes to finding entry points into their targeted networks. These actors are acutely aware that many manufacturing companies are running outdated systems with readily exploitable vulnerabilities, or transitioning to new, more connected technologies (such as IoT) that often present additional security concerns. 

Back offices of factory and manufacturing facilities are often host to several legitimate – and likely, neglected – attack vectors that attackers can infiltrate to make lateral movements through an organization's network, and even onto the manufacturing floor. This is particularly problematic considering older appliances and technologies usually aren't a top security priority and can easily be forgotten, unpatched and left vulnerable.

While a lack of investment in cybersecurity is one of the biggest risk factors for manufacturers, there are also several older technologies that can be found throughout most manufacturing facilities – everywhere from the back office, to the factory floor – and should be phased out or patched to help shore up holes in the network. Here's a list of five back office technologies you may be overlooking:

1. Fax Machines – According to a 2017 Spiceworks poll, 62% of companies still use physical fax machines. And like printers, many of the passwords for these machines are never updated from the default provided by the manufacturer, which is a major security no-no. Left unsecured, fax machines present an easy target for cybercriminals hunting for confidential data. Hackers who infiltrate these devices can seize the distribution power to send sensitive fax documents wherever they want, even their own email addresses. In addition to changing passwords provided by the fax machine manufacturer, another recommended security precaution is to disable the fax machine's remote access or management options — or at least secure that remote access with additional security controls like a VPN.
2. Printers – From stealing hidden documents to hacking the entire IT infrastructure, hackers can create a plethora of problems through a single unsecured printer. In order to make printers safe, the passwords assigned by the machines' manufacturers must be changed before the first company use. The next important step for IT/security teams is to carefully determine who will be responsible for controlling their business's printers and make sure that all of the devices are securely connected to the internet (or not connected at all). Like any IoT device, printers run off software, which needs updates. Make sure to patch your printer regularly, especially if the update fixes any security flaws. If printers or scanners are replaced every few years, it may be necessary to create a destruction strategy for those machines as well, or at least the hard drives they may contain.
3. Video Conference Systems – The level of security found in conference room video systems can be pretty low and although the technology is used frequently for meetings and calls as part of most day-to-day company operations, it can easily be neglected and therefore left vulnerable. Smart cybercriminals can actively look for opportunities to hack video conferencing systems connected to public Wi-Fi networks. Video conference systems are a prime target for hackers, as they can exploit the hardware's vulnerabilities to spy on highly confidential conversations and company meetings. For this reason, manufacturing companies are urged to create private networks for conference rooms and only connect them to public internet connections when absolutely necessary. If your conferencing system must go online, you should again consider VPN and additional authentication mechanisms to secure that connection. The rule about changing factory-set passwords also applies here, as it does for any IoT device you install.
4. Security Cameras and Door Access Systems – Security cameras and door access systems at manufacturing companies can also present considerable danger. You should implement detailed defensive controls, but also carefully consider how you use them and what authority within the company will control them. While we know deficiencies in physical security can affect cyber security, we recommend penetration tests and network controls for detecting and eliminating the weaknesses in surveillance cameras and door access systems.
5. Ventilation, Heating and Cooling Systems – A breached ventilation, heating or cooling system can evolve into an attack severe enough to cause a company's entire sales operation to collapse, as was seen in the Target breach. These systems are often installed by people with limited IT experience, which makes them a more likely place for hackers to find an entry point into a company's network. Testing IoT devices and sensors before installation, assigning unique passwords, protecting their often web-based management systems, and regularly updating software updates are important steps toward preventing compromise.

Simply securing network and computing devices is no longer sufficient when it comes to bolstering your organization's overall security posture. Old appliances and technologies may contribute to the insecurity of your manufacturing network, but it's also important to be aware that modern cybercriminals are often wielding a multi-prong approach when attacking organizations. These malicious actors also target employees with social media scams and fraudulent emails, and will even resort to dumpster diving if that's what it takes to get their hands on sensitive company documents that have been discarded (especially if they haven't been shredded). As you move forward with your security strategy, remember to always have visibility into your connected devices, scan often, and keep devices (old and new) updated. 

Corey Nachreiner is the CTO of WatchGuard Technologies and operated at the frontline of cyber security for 16 years, and for nearly a decade has been evaluating and making accurate predictions about information security trends.