On May 12, hackers launched a “ransomware” cyberattack that would eventually infect 300,000 machines in 150 countries over a three-day period.
The ransomware, known as WannaCry, locked computers and blocked access to files. Victims were ordered to pay a $300 ransom to regain their data. The countries most affected by the ransomware were Russia, Taiwan, Ukraine and India, but the attack also hit U.S. companies, notably FedEx. Victims included universities, oil companies, telecom providers and train systems.
The virus hit computers running older versions of Microsoft software that had not been recently updated. Microsoft released patches in April and again during the attack to fix a vulnerability that allowed the worm to spread across networks. Computers at manufacturers and hospitals, which can be hard to patch without disrupting operations, were particularly vulnerable. Indeed, the cyberattack slowed or stopped production at five assembly plants run by Renault-Nissan, including the automaker’s huge factory in Sunderland, UK.
By May 15, the attack had largely been stanched. Renault-Nissan is the only carmaker to have reported problems stemming from the attack, but who’s to say Ford, GM or Toyota won’t be next? Cyberattacks on factories are the new normal today, and the WannaCry attack is only the latest. In 2008, for example, a uranium enrichment facility in Iran was disrupted by a computer worm, Stuxnet, allegedly developed by a U.S. intelligence agency. In 2014, a blast furnace in Germany was damaged after malware infected the steelmaker’s production management system and disabled control systems. In December 2015, a cyberattack on a power station in West Ukraine cut electricity to 80,000 homes.
Sadly, the problem will get worse as manufacturers invest in the Industrial Internet of Things and so-called “smart,” or “connected,” factories. Market research firm IHS forecasts that the number of “things” (machines other than computers) connected to the Internet will grow from 15.4 billion devices in 2015 to 75.4 billion in 2025.
That trend represents a tremendous opportunity to increase efficiency, but it could also leave manufacturers vulnerable to cyberattacks. And, it’s not just their computer systems manufacturers have to worry about.
A recent study by cybersecurity firm Trend Micro Inc. and Polytechnic University of Milan, Italy, concluded that robots are vulnerable to cyberattack. The researchers found that the much of the software running robots is outdated; is based on vulnerable operating systems and libraries; is reliant on obsolete or cryptographic libraries; and has weak authentication systems with default, unchangeable credentials. Additionally, the researchers found tens of thousands of industrial devices—including robots—residing on public IP addresses that could be exploited by hackers.
The researchers further demonstrated that hackers could alter a robot controller’s parameters; tamper with the robot’s calibration parameters; tamper with the production logic; and prevent operators from discovering any problems.
How good is your cybersecurity? Are your operating systems up to date? Is your data backed up and secure? Check now or start learning about bitcoin.