Trend Micro Research Reveals Serious Vulnerabilities in Critical Industry 4.0-IT Interfaces

Must Read

How To Block Your Bank Account And SIM Card In Case Of Emergency

Losing your phone and wallet or having them stolen can be very frustrating. However, in case that happens to...

List of Mobile Banking USSD Codes For All Banks in Nigeria and how to use them

The introduction of USSD codes (Unstructured Supplementary Service Data) has changed the Nigerian banking system completely. Today, mobile banking...

List of United Bank for Africa (UBA) Sort Codes & Branches (with addresses) in Nigeria

The sort code is a number that usually identifies both the bank and the branch where an account is held. The sort...
- Advertisement -

Protocol gateways prove critical for smart industrial environments

 

HONG KONG,
CHINA – Media OutReach – August 6, 2020 – Trend Micro
Incorporated
(TYO: 4704; TSE: 4704), the
global leader in cloud security, today released research revealing a new class of security
vulnerabilities in protocol gateway devices that could expose Industry 4.0
environments to critical attacks.

Also known as protocol translators, protocol
gateways allow machinery, sensors, actuators and computers that operate in
industrial facilities to talk to each other and to IT systems that are
increasingly connected to such environments.

- Advertisement -

“Protocol gateways rarely get individual
attention, but their importance to Industry 4.0 environments is significant and
can be singled out by attackers as a critical weak link in the
chain,” said Bill Malik, vice president of infrastructure strategy
for Trend Micro. “By responsibly disclosing nine zero-day vulnerabilities
with the affected vendors, Trend Micro is leading the way with industry-first
research that will help to make global OT environments more secure.”

Trend Micro Research analyzed five popular
protocol gateways focused around translation of Modbus, one of the most widely
used OT protocols globally.

- Advertisement -

As detailed in the new report,
vulnerabilities and weaknesses found in these devices include:

  • Authentication
    vulnerabilities allowing unauthorized access
  • Weak
    encryption implementations allowing decryption of configuration databases
  • Weak
    implementation of authentication mechanisms resulting in disclosure of
    sensitive information
  • Denial of
    Service conditions
  • Flaws in the
    translation function that could be used to issue stealth commands to sabotage
    operations

Attacks leveraging such weaknesses could
allow malicious hackers to view and steal production configurations and
sabotage key industrial processes by manipulating process controls,
camouflaging malicious commands with legitimate packets, and denying process
control access.

Read Also:  The 2020 Taiwan Open of Surfing starts in Taitung today - Surfs Up
- Advertisement -
Read Also:  Huntkey to Release GaN Chargers

The report makes several key recommendations
for vendors, installers and end users of industrial protocol gateways:

  • Consider the
    design of products carefully before selection. Ensure they have adequate packet
    filtering capabilities, so that devices aren’t prone to translation errors or
    denial of service
  • Do not rely
    on a single point of control for the security of the network. Combine ICS
    firewalls with traffic monitoring for improved security
  • Spend time on
    configuring and protecting the gateway — use strong credentials, disable
    unnecessary services and enable encryption where supported
  • Apply
    security management to protocol gateways as any other critical OT asset, i.e.
    regular assessments for vulnerabilities/misconfiguration, and regular patching

The results of this research was presented at
Black Hat USA on August 5. To read the full report, please
visit: https://www.trendmicro.com/vinfo/hk/security/news/internet-of-things/lost-in-translation-when-industrial-protocol-translation-goes-wrong 

About Trend Micro

Trend Micro Incorporated, a global leader in cybersecurity
solutions, helps to make the world safe for exchanging digital information. Our
innovative solutions for consumers, businesses, and governments provide layered
security for data centers, cloud environments, networks, and endpoints. All our
products work together to seamlessly share threat intelligence and provide a
connected threat defense with centralized visibility and control, enabling
better, faster protection. With more than 6,000 employees in over 50 countries
and the world’s most advanced global threat intelligence, Trend Micro secures
your connected world. For more information, visit www.trendmicro.com.hk.

Trend Micro Research Reveals Serious Vulnerabilities in Critical Industry 4.0-IT Interfaces

- Advertisement -
Trend Micro Research Reveals Serious Vulnerabilities in Critical Industry 4.0-IT Interfaces - Brand SpurTrend Micro Research Reveals Serious Vulnerabilities in Critical Industry 4.0-IT Interfaces - Brand Spur

Subscribe to BrandSpur Ng

Subscribe for latest updates. Signup to best of brands and business news, informed analysis and opinions among others that can propel you, your business or brand to greater heights.

- Advertisement -
Trend Micro Research Reveals Serious Vulnerabilities in Critical Industry 4.0-IT Interfaces - Brand SpurTrend Micro Research Reveals Serious Vulnerabilities in Critical Industry 4.0-IT Interfaces - Brand Spur

Latest News

LASACO Assurance Completes Share Capital Reconstruction

We refer to our market bulletin of 1 February 2021 with reference number: NSE/RD/LRD/MB07/21/02/01, wherein the Market was notified...
- Advertisement -
BrandsPur Weekly Cartoons
- Advertisement -Trend Micro Research Reveals Serious Vulnerabilities in Critical Industry 4.0-IT Interfaces - Brand SpurTrend Micro Research Reveals Serious Vulnerabilities in Critical Industry 4.0-IT Interfaces - Brand Spur