Categories: News

Trend Micro Research Reveals Serious Vulnerabilities in Critical Industry 4.0-IT Interfaces

Protocol gateways prove critical for smart industrial environments

 

HONG KONG,
CHINA – Media OutReach – August 6, 2020 – Trend Micro
Incorporated
(TYO: 4704; TSE: 4704), the
global leader in cloud security, today released research revealing a new class of security
vulnerabilities in protocol gateway devices that could expose Industry 4.0
environments to critical attacks.

Also known as protocol translators, protocol
gateways allow machinery, sensors, actuators and computers that operate in
industrial facilities to talk to each other and to IT systems that are
increasingly connected to such environments.

“Protocol gateways rarely get individual
attention, but their importance to Industry 4.0 environments is significant and
can be singled out by attackers as a critical weak link in the
chain,” said Bill Malik, vice president of infrastructure strategy
for Trend Micro. “By responsibly disclosing nine zero-day vulnerabilities
with the affected vendors, Trend Micro is leading the way with industry-first
research that will help to make global OT environments more secure.”

Trend Micro Research analyzed five popular
protocol gateways focused around translation of Modbus, one of the most widely
used OT protocols globally.

As detailed in the new report,
vulnerabilities and weaknesses found in these devices include:

  • Authentication
    vulnerabilities allowing unauthorized access
  • Weak
    encryption implementations allowing decryption of configuration databases
  • Weak
    implementation of authentication mechanisms resulting in disclosure of
    sensitive information
  • Denial of
    Service conditions
  • Flaws in the
    translation function that could be used to issue stealth commands to sabotage
    operations

Attacks leveraging such weaknesses could
allow malicious hackers to view and steal production configurations and
sabotage key industrial processes by manipulating process controls,
camouflaging malicious commands with legitimate packets, and denying process
control access.

The report makes several key recommendations
for vendors, installers and end users of industrial protocol gateways:

  • Consider the
    design of products carefully before selection. Ensure they have adequate packet
    filtering capabilities, so that devices aren’t prone to translation errors or
    denial of service
  • Do not rely
    on a single point of control for the security of the network. Combine ICS
    firewalls with traffic monitoring for improved security
  • Spend time on
    configuring and protecting the gateway — use strong credentials, disable
    unnecessary services and enable encryption where supported
  • Apply
    security management to protocol gateways as any other critical OT asset, i.e.
    regular assessments for vulnerabilities/misconfiguration, and regular patching

The results of this research was presented at
Black Hat USA on August 5. To read the full report, please
visit: https://www.trendmicro.com/vinfo/hk/security/news/internet-of-things/lost-in-translation-when-industrial-protocol-translation-goes-wrong 

About Trend Micro

Trend Micro Incorporated, a global leader in cybersecurity
solutions, helps to make the world safe for exchanging digital information. Our
innovative solutions for consumers, businesses, and governments provide layered
security for data centers, cloud environments, networks, and endpoints. All our
products work together to seamlessly share threat intelligence and provide a
connected threat defense with centralized visibility and control, enabling
better, faster protection. With more than 6,000 employees in over 50 countries
and the world’s most advanced global threat intelligence, Trend Micro secures
your connected world. For more information, visit www.trendmicro.com.hk.

Miscw.com

Recent Posts

Wildberries to More Than Double Warehouse Capacity in 2025

MOSCOW, RUSSIA - Media OutReach Newswire - 24 December 2024 - Wildberries, a leading e-commerce…

2 hours ago

JustMarkets Celebrates Key Milestones From 2024

HO CHI MINH CITY, VIETNAM - Media OutReach Newswire - 24 December 2024 - JustMarkets…

4 hours ago

Thailand Shines at ACES Awards 2024: Celebrating Leadership, Sustainability, and Innovation Across Industries

BANGKOK, THAILAND - Media OutReach Newswire - 24 December 2024 - The Asia Corporate Excellence…

4 hours ago

China Focus: Technology sows seeds of hope in combating desertification

HOHHOT, CHINA - Media OutReach Newswire - 23 December 2024 - China's National Forestry and…

14 hours ago

Novautek Honored with the “Outstanding SME ESG and Business Performance Award”

HONG KONG SAR - EQS Newswire - 23 December 2024 - Novautek Autonomous Driving Limited…

16 hours ago

V-GREEN and Xanh SM Indonesia sign MoU with Lippo for comprehensive green ecosystem in Indonesia

JAKARTA, INDONESIA - Media OutReach Newswire - 23 December 2024 - V-GREEN and PT Xanh…

17 hours ago