Machines need regular maintenance, not just to make sure the usual wear and tear hasn’t damaged the machine but also to do routine updates and checks. The more complicated the machinery, the more intensive the maintenance process is.
The maintenance process will usually require access to the machine and all the connected systems used to manage the operations—for example, a modern water pump is connected to pipes that deliver water, as well as a control system to monitor and adjust pressure and flow. During routine maintenance, both the hardware and software are vulnerable when normal operations and security protocols are paused or switched to another mode so that updates or fixes can be applied.
A 2016 incident in Taipei shows how the maintenance period can be a very effective avenue of attack. Reports say that a disgruntled employee took advantage of routine maintenance to install malware on the software managing YouBike, which is a biking service that operates throughout the country. The bikes became inoperable as a result, costing the enterprise US $662,910 in damages and lost revenue. The engineer was caught and charged by the Taichung District Prosecutors’ Office in Taiwan.
Besides the fact that, during maintenance, there are few or no security measures in place—not even fundamental layers like application control or whitelisting—there are also other issues that could potentially be exploited.
Cyber threats affecting enterprises set a record high in 2016, which should encourage organizations to rethink their security measures across all aspects of their business, especially the maintenance of machinery that is integral to operations. Maintenance policies should be restructured, security solutions added, and machines in general should be updated so they can receive proper maintenance.
Below are some specific solutions that should be considered:
For some standalone PCs or closed systems, anti-malware software cannot be installed, malware scanning with the latest malware pattern file is difficult, and malware infections can still occur via USB flash drives or other devices brought inside. Trend Micro™ Portable Security 2™ is a malware scanning and cleanup tool designed as a USB flash drive for environments where an internet connection is not available or anti-malware software cannot be installed. Trend Micro Safe Lock can be used for smart whitelisting protection that keeps the system locked down during maintenance and allows only approved software to be updated.
Organizations can also use Trend Micro™ Deep Discovery Inspector™ to monitor machines connected to a network. Using specialized detection engines and custom sandbox analysis, Deep Discovery Inspector identifies advanced and unknown malware, ransomware, zero-day exploits, command and control (C&C) communications, and evasive attacker activities. TippingPoint’s Integrated Advanced Threat Prevention provides actionable security intelligence, shielding against vulnerabilities and exploits, and defending against known and zero-day attacks. Solutions, such as Advanced Threat Protection and Intrusion Prevention System, powered by XGen™ security, use a combination of technologies such as deep packet inspection, threat reputation, and advanced malware analysis to detect and block attacks and advanced threats.