The Threat of IIoT Cyber Attacks

December 17, 2018

By: Will Mapp

In the case of many industrial settings, the IIoT is considered the answer for numerous challenges. The connectivity that’s the result of it assists in efficiency, productivity, and profitability. When it comes to utilities, IIoT helps manage the demand, and for public infrastructure, it can help governments in delivering better services, which include public safety as well.

However, according to SonicWall’s 2018 Cyber Threat Report, the IIoT is increasingly becoming the target of cyber attacks, which is a big problem as the IIoT is often unsecured and ignored.

Only in 2017, worldwide, there were around 9.3 billion malware attacks, and more than 12,000 new vulnerabilities and exposures. The report states that most executives see cyber attacks as the number one operations, financial, and business risk. They are such a big problem that some consider them a more significant threat than natural disasters. Several other reports also state a similar thing.

In recent years, many conditions and trends have made it so that cybersecurity events that target the OT side of IIoT increase dramatically.  

Industrial Control System (ICS) cyber-attacks increase from 2007 to 2017

These attacks have been happening since the late 1990s. However, they had only become mainstream in 2010. That was when the Stuxnet malware targeting SCADA system in Iranian uranium enrichment plant was discovered.

Stuxnet changed everything. Afterward, interest in the security for control systems significantly increased, because, at the time, security features were not part of the standard industrial control system equipment.

Furthermore, several new threats were exposed, and several attacks occurred over the years:

  • In 2013, Havex/Backdoor.Oldrea remote access Trojan that targets ICSs discovered.
  • In 2014, a SCADA-targeting version of BlackEnergy discovered. Its use is against ICS.
  • In 2014, hackers took control of ICS in a German steel mill and caused massive physical damage.
  • In 2016, Russian hackers cause blackouts in Ukraine by hacking the energy grid with the Industroyer/CrashOverride malware.
  • In 2017, the WannaCry worldwide ransomware attacks targeted vulnerabilities in Windows-operating computers. NotPetya attacks followed those. Because of these two major ransomware attacks, the DHS issued more warnings to manufacturers and infrastructure owners about ICS vulnerabilities. In the end, the DHS and FBI issued a joint alert which stated that several attacks began targeting the ICS of the US.
  • In December 2017, the first malware designed to attack ICS revealed – the TRITON/TRISIS malware framework.

If all of these weren’t enough, as 2018 started, cyber events also began to escalate:

  • Many vulnerabilities in the Meltdown and Spectre microprocessors were discovered.
  • USA has identified Russia as the source of many attacks on US infrastructure and manufacturing.
  • A revised version of TRITON/TRISIS started attacking more brands and security hardware and managed to breach several US firms.
  • Further vulnerabilities were detected in several types of industrial hardware and software.

These attacks and other cyber events don’t seem to show any signs of stopping, which is why it’s becoming more and more important to focus on cybersecurity and getting better systems that will help stave off these attacks.

Related Articles



Editor’s Pick: Featured Article

Weidmüller’s u-control 2000: The Automation Controller

Weidmüller’s u-control 2000: The Automation Controller

Weidmüller’s scalable engineering software, u-control 2000, adapts individually to your requirements. And, the u-control is powerful, compact and fully compatible with Weidmüller’s I/O system u-remote. This article looks at what makes u-control the heart of your automation.

Programmable logic controllers (PLCs) are one of the main components of any automated system. A typical control system has inputs, outputs, controllers (i.e., PLCs), and some type of human interaction with the system, a human machine interface (HMI), for example.

Read More



Latest Articles

  • Vention Introduces AI, Making Adoption of Automation Easier

    December 20, 2024 By Krystie Johnston Vention has been on a mission to democratize automation since 2016. Etienne Lacroix, Founder and CEO of Vention, realized he could leverage software and technology to productize automation, making it more accessible to everyone. While working as an engineer and integrating systems for manufacturers, he noticed added costs and… Read More…

  • Machine Man Reflects on 50 Years In a Challenging But Rewarding Field

    December 18, 2024 Pat McCluskey’s machine design and build experience at ANCA has fuelled manufacturing exports for Australia for half a century For a half-century, ANCA has made the machines that make the tools that make the world go around. One half of its founding pair, Pat McCluskey, has designed many grinding machine tools in… Read More…