As technology continues to advance and more of the world, including manufacturing plants and products themselves, becomes connected, understanding the risks associated with industrial internet of things (IoT) deployments is increasingly important.
Organizations considering launching a manufacturing or industrial IoT initiative, or connecting existing technology for automated and remote monitoring or access, will need to consider all of the potential risks and attack vectors associated with those decisions.
The Industrial Internet of Things (IIoT) has seen significant advancements since we first explored its risks in this blog post. As technology continues to evolve, so do the risks associated with IoT devices. In this updated post, we will delve into the latest threats and challenges facing IoT in 2024, including:
Device hijacking
Data siphoning
Denial of service attacks
Data breaches
Device theft
Man-in-the-Middle or Device “spoofing”
Industrial IoT (also known as IIoT) refers to a network of connected industrial devices, ranging from plant manufacturing equipment down to small sensors inside manufactured devices. These IoT sensors are typically used to collect information on past performance or efficiency and share that data back to a centralized source.
Depending on the application, a breach in an industrial internet of things environment could result in risks ranging from leaking of important information that is critical to the way your business works or a device is manufactured, to compromise of the product you produce or damage to your industrial controls.
Take a physical product, like bolts, for example.
If a hacker gained access to the network for your bolt manufacturing plant and changed the machine settings that control the strength of those bolts, it could easily cause bolts to fail and your products to fall apart under stresses they should normally be able to withstand.
That could mean a person dies when your product fails.
While the risks vary depending upon how you use IoT devices in your organization, the threat is real no matter the level of concern. Protecting your organization and the people who use your products should be paramount.
There are a variety of risks associated with a cybersecurity compromise in industrial IoT. Each of them is described in more detail below.
The threat landscape in the IIoT sector has grown increasingly complex. In 2024, cyberattacks on critical infrastructure and industrial systems are more prevalent than ever.
Device hijacking occurs when a malicious actor takes control of an IoT endpoint device or IoT sensor, often without the owner being aware that a breach has occurred.
Depending on how “smart” your endpoint devices are, device hijacking can vary in terms of how big of a risk or concern it poses.
If an endpoint or IoT device is compromised by ransomware or malware, a bad actor may be able to control the activity of the device itself. This is especially concerning if that endpoint or device has automated functionality, controlling manufacturing (like the bolt example above) or controlling the function of an internet-connected product in the field.
This can often happen if you fail to update your industrial internet of things devices properly. It may also be the starting point for an attack on your entire network, beginning at an endpoint and using that device to gain access to your centralized network.
Because many devices in manufacturing plants or warehouses rely on older or legacy technology that may not be able to be updated at all, connecting them to the network opens a lot of doors at the device level.
Using a hardware-based VPN solution is often the only way to secure both the IoT device itself and the data or information it transmits while remaining compatible with older or legacy technology.
Similar to an “eavesdropping” style attack, data siphoning is focused on the data being transmitted by an industrial IoT device rather than an end-user. Data siphoning, also known as data theft or data exfiltration, is the unauthorized or illegitimate process of copying, transferring, or stealing data from one computer, network, or system to another, typically with the intention of accessing, using, or disclosing that data without proper authorization.
In this case, attackers eavesdrop on the network traffic going from the endpoint device back to the primary network to gather information they shouldn’t have access to.
This particular type of attack is most concerning when the data your industrial IoT device is sending is very sensitive or could be a problem if it fell into the wrong hands, making it of most concern to highly regulated industries like defense, healthcare, and aerospace.
It is also concerning if the device is sending information that may allow a competitor to gain access to important IP.
In this case, making sure all data being transmitted is appropriately encrypted (potentially even with quantum-resistant cryptography) and protected is incredibly important.
Another common risk with industrial IoT devices is the potential for a distributed denial of service attack across all devices or across the internal network itself. A Denial of Service (DoS) attack is a malicious attempt to disrupt the normal functioning of a network, system, or online service by overwhelming it with a flood of traffic or requests. The primary goal of a DoS attack is to make a website, server, or network unavailable to its intended users, thereby denying access to legitimate users.
DoS attacks typically involve sending a massive volume of traffic or requests to the target, effectively consuming its available resources, such as bandwidth, processing power, or memory. This results in slow performance or, in more severe cases, complete unavailability of the targeted service.
Essentially, an attack like this just renders the industrial IoT endpoint devices about as useful as bricks.
This is critical for organizations that rely on those devices being functional for production to continue, or for products to work properly in the field. In this instance, a security solution that completely obfuscates the device from the outside world, and all of the networks it speaks to, is especially attractive.
This risk involves an attacker using industrial IoT devices as the door into the central network where important and sensitive data is stored.
Because the attack surface is very large for many industrial IoT devices, due to the legacy technology concerns we mentioned above, it makes them a prime target to use as the “doorway” to larger corporate networks.
Attackers can simply use them as a way to gain entry to your enterprise network and gain access to data you are looking to keep protected, including:
Client or partner data: Any information about your clients or partners, including their passwords, their customers, or their internal systems.
Personally identifiable information: This can be personal or identifying data about your customers or other employees.
Intellectual Property or Trade secrets: Anything vital to how your company, its customers, or its partners work that would be damaging if it ended up in the hands of your competitors.
Health data: Any health or personal data protected by HIPAA regulations.
Financial data: Information about finances for your company, your clients, partners, or your customers including bank details and login information.
As discussed above, the best way to protect industrial IoT devices from becoming an entry point is to properly secure the devices themselves. Using a hardware-based VPN solution is often the only way to accomplish this that is also compatible with older or legacy technology.
Another common concern, particularly with devices out in the field, is theft of the physical devices themselves. This risk is largest when endpoint devices are storing important information that may cause concern if that information falls into the wrong hands.
Often, internet of things (IoT) deployments protect from this risk by avoiding storing any sensitive data on the endpoint devices themselves and relying on the network or cloud-based infrastructure they connect with to hold that information.
This risk involves the potential of an attacker placing themselves between the industrial IoT endpoint device and the cloud or centralized network, and “pretending” to send data as the device.
This is of largest concern if the traffic coming from an endpoint device might be used to change production information or control a product in the field.
Take the bolt manufacturing example discussed earlier. If an attacker pretending to be an industrial IoT sensor sent back false information that caused the production equipment or machines to change calibration or manufacturing processes, that might result in faulty bolts being produced.
There are various types of spoofing, including:
IP Address Spoofing: In IP address spoofing, an attacker alters the source IP address of network packets to make it appear as if they are originating from a trusted or different source. This can be used to bypass access controls, launch DoS attacks, or engage in other malicious activities.
MAC Address Spoofing: MAC address spoofing involves changing the Media Access Control (MAC) address of a network interface to impersonate a different device. This can be used to gain unauthorized access to a network or evade network security measures.
Email Spoofing: Email spoofing involves sending emails with a forged sender address to trick the recipient into believing the message comes from a trusted source. This is commonly used in phishing attacks.
DNS Spoofing: DNS spoofing, or DNS cache poisoning, involves altering DNS records to direct users to malicious websites or intercept their traffic. This can lead to various attacks, including man-in-the-middle attacks.
Caller ID Spoofing: In telecommunications, caller ID spoofing is used to disguise the originating phone number of a call or text message. It's often used for malicious purposes or for prank calls.
User Agent Spoofing: User agent spoofing is commonly used in web scraping and web automation to mimic the behavior of a different web browser or device.
In this case, using a hardware-based security solution can create a root of trust, allowing the central network to know, without a doubt, if information is coming from a real endpoint device or someone else.
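The check a central network makes to tell a real endpoint from a spoofed one, shown as an added example that is not part of the original post: each sensor message carries an HMAC-SHA256 tag under a per-device key plus a counter, so forged, tampered, and replayed readings are rejected. The device name, key, and message layout are constructed for illustration, and a key held in software stands in for the hardware root of trust the post describes.

```python
import hashlib
import hmac
import json

# Constructed per-device key table. On a real device the key would sit in a
# secure element or TPM, never in application code.
DEVICE_KEYS = {"torque-sensor-07": bytes.fromhex("00112233445566778899aabbccddeeff" * 2)}


def sign_reading(device_id, counter, reading, key):
    """Device side: serialise the reading and attach an HMAC-SHA256 tag."""
    body = json.dumps({"device": device_id, "counter": counter, "reading": reading},
                      sort_keys=True, separators=(",", ":"))
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


class TelemetryVerifier:
    """Central side: accept a message only if it is authentic and fresh."""

    def __init__(self, keys):
        self.keys = keys
        self.last_counter = {}  # highest counter accepted so far, per device

    def verify(self, message):
        try:
            body = message["body"].encode()
            fields = json.loads(body)
            device, counter = fields["device"], fields["counter"]
            tag = bytes.fromhex(message["tag"])
        except (KeyError, TypeError, ValueError, AttributeError):
            return "rejected: malformed"
        if not isinstance(device, str) or device not in self.keys:
            return "rejected: unknown device"
        expected = hmac.new(self.keys[device], body, hashlib.sha256).digest()
        # Constant-time comparison avoids leaking how many tag bytes matched.
        if not hmac.compare_digest(expected, tag):
            return "rejected: bad tag"
        # The counter is covered by the tag, so a captured message cannot be
        # replayed later or re-sent with a bumped counter.
        if not isinstance(counter, int) or counter <= self.last_counter.get(device, -1):
            return "rejected: replay"
        self.last_counter[device] = counter
        return "accepted"
```

Only readings that verify as `accepted` should be allowed to influence calibration or production settings; everything else is worth logging as a possible spoofing attempt.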
As you consider embarking on an industrial IoT initiative, keep in mind the security risks you’ll have to protect your organization against. Knowing about these risks shouldn’t necessarily stop you from undertaking the initiative, but it will allow you to select a deployment strategy that helps you mitigate them.
Different security measures are built for technologically different purposes or applications. Some tools and products are meant to help you diagnose and detect problems, whereas some tools are meant to help you prevent attacks from ever happening in the first place.
Make sure you have the right balance of both types of protection in your plan.