According to research by Positive Technologies, attackers are gaining access to the industrial Internet of Things (IIoT) through edge devices, including sensors and controllers. These edge devices are vulnerable to various threats, including hardware vulnerabilities, firmware flaws, malware, weak passwords, and unsecured internet access. We have also observed cases of data transmission protocol breaches and IoT gateway hacks, alongside cyberthreats targeting analytical systems and specific industrial software.
As reported by Fortune Business Insights, IoT adoption reached its peak in 2023 within sectors like healthcare, manufacturing, telecommunications, and agriculture. Our surveys indicate that companies are implementing IIoT solutions to address multiple objectives, primarily for monitoring production and technological processes, automating adjustments, and analysing the state of IT equipment.
In the power engineering sector, IIoT is used to upgrade power supply channels and implement smart grids. In the petrochemical industry, it aids in the automatic detection of deviations from production standards. In metallurgy, IIoT helps collect data from sensors located in hard-to-reach areas of production. In mechanical engineering, IIoT enables real-time monitoring and analysis of both equipment and personnel performance.
Ekaterina Snegireva, Senior Analyst at Positive Technologies, notes: “Today, more and more companies are automating their processes using advanced technologies, including AI. This includes creating digital twins to test the performance of industrial systems under specific conditions and evaluate the effectiveness of security measures. By using IoT and data analytics, companies can monitor equipment and detect malfunctions before they occur.”
Over the past five years, the industrial sector has consistently been one of the most targeted industries. In Q1–Q3 2024, manufacturing companies faced attacks from APT groups in 19% of all reported cases. In most cases, criminals used malware (79%), with ransomware accounting for half of these attacks, as well as social engineering (58%) and vulnerability exploitation (37%). Cybercriminals are increasingly using legitimate software to reduce the risk of detection by security measures.
Dark web forums not only provide attack tools but also detailed guides on how to execute these attacks. For example, an exploit that allows attackers to hijack an IoT gateway to send malicious commands to connected devices can cost $1,000. Additionally, cybercriminals offer custom exploit development services.
The primary goal of attackers is to obtain confidential information (65%), with 37% of cases involving trade secrets. Furthermore, 33% of incidents resulted in disruptions to production processes within enterprises.
While the IIoT sector grapples with insufficient standardisation, some countries are already implementing relevant laws and initiatives. In Russia, the government and industry stakeholders are collaborating on the digital transformation of the sector. For example, in 2024, Russia’s first certification body for trusted software and hardware systems was established, with the certification expected to extend to IIoT components.
To stay protected, we recommend using MaxPatrol O2, an autopilot solution for result-driven cybersecurity. Conduct asset inventory and timely vulnerability remediation, ensure network segmentation, secure your hardware and software supply chains, and provide regular training for your personnel. Participating in bug bounty programmes and conducting routine security assessments in the format of APT bug bounties are also important. For analysing traffic in industrial networks, consider using PT Industrial Security Incident Manager, and for detecting targeted attacks on endpoint devices, rely on MaxPatrol EDR.