Trend Micro investigates cyber attacks on CNC machines

November 14, 2022

New study reveals security risks and provides recommendation for risk mitigation

Trend Micro, international provider of cyber security solutions, published a new study on cyber risks for CNC machines. Industry 4.0 digitisation efforts are making these machines increasingly connected, making them an attractive target for cyberattacks.

CNC (Computer Numerical Control) machines can be found on many factory floors and enable the mass production of complex products with great precision and speed. At the same time, they can increasingly put their operators and manufacturers in the crosshairs of cybercriminals, according to the latest study “The Security Risks Faced by CNC Machines in Industry 4.0” by Trend Micro.

The Japanese IT security provider cooperated in this research with Celada, an Italian dealer and integrator of industrial machines, which provided several machines. The research looks at the risks CNC machines face when integrated into networked factories and was conducted at four suppliers representative of the CNC industry, selected for their size and market presence.

When CNC machines are networked, they are exposed to new threats that can cover a wide range of attack scenarios. These include:

Attacks that can cause immediate physical damage.
Cybercriminals can manipulate the internal configuration status or parameters of a CNC machine to influence its behaviour, thereby damaging the machine itself, its parts or the workpieces.

Denial of service attacks
Cybercriminals seeking to sabotage a production facility can carry out attacks aimed at disabling operations by altering a CNC machine’s functionality, such as its tool management system, or triggering alarms. It is also possible to lock a CNC machine with ransomware and then demand a ransom.

Hijacking
Attackers can change the tool compensation parameters of a CNC machine or manipulate the logic of parametric programs to introduce micro-defects to create faulty parts or components of interest to the attackers.

Data theft
Cybercriminals can abuse network protocols and functions to exfiltrate confidential program code or production information. For example, they can find out how something is produced, how many parts are made, by whom and in what time frame this is done, etc.

“In response to the results of our investigation, the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) of the US Cybersecurity and Infrastructure Security Agency (CISA) has issued new security advisories to raise awareness of cyber risks to Haas and Heidenhain CNC controllers,” said Udo Schneider, IoT Security Evangelist Europe at Trend Micro. “We are very pleased to be able to help the entire Industry 4.0 sector become more secure in this way.”

To protect CNC machines from attacks, manufacturing companies should take concrete protective measures, such as:

Deploying context-sensitive industrial intrusion prevention and intrusion detection systems (IDS/IPS).
These systems can help operators monitor traffic related to the industrial protocols of their CNC machines in real time, so they can better distinguish legitimate work requests from potentially malicious activity.

Network segmentation
Proper network architecture, along with standard security technologies such as virtual local area networks (VLANs) and firewalls, is critical to limiting the number of unprotected interfaces that could be exploited by cybercriminals.

Patch management
CNC machine operating systems and software should be kept up-to-date with patches to prevent cybercriminals from exploiting critical vulnerabilities.

Further information

For more information and videos on the different types of attacks, as well as the full research report in English, please visit the following link: https://www.trendmicro.com/vinfo/de/security/news/internet-of-things/uncovering-security-weak-spots-in-industry-4-0-cnc-machines
The research findings will also be presented at the Black Hat Europe cybersecurity conference in London on 7 December 2022 at 13:30 (local time): https://www.blackhat.com/eu-22/briefings/schedule/#abusing-cnc-technologies-28834

>> Event in December 2022

Abusing CNC Technologies

Marco Balduzzi  |  Team Leader & Principal Researcher, Trend Micro
Francesco Sortino  |  Operations Manager, Celada
Leandro Pierguidi  |  Cybersecurity Engineer, Celada

Date: Wednesday, December 7 | 1:30pm-2:10pm ( Capital Suite Room 7/12 (Level 3) )

Format: 40-Minute Briefings

Tracks: Cyber-Physical Systems, Network Security

CNC machines are largely used in production plants and constitute a critical asset for organizations globally. The strong push dictated by the Industry 4.0 paradigm led to the introduction of technologies for the wide connectivity of industrial equipment, including CNCs. As a result, modern CNCs resemble more fully-fledged systems rather than mechanical machines, offering numerous networking services for smart connectivity. Given this shift into a more complex and software-dependable ecosystem, these machines are left more easily exposed to potential threats.

Our work explored the risks associated with the strong technological development observed in the domain of numerical controls. We conducted an empirical evaluation of four representative controller manufacturers, by analyzing the technologies introduced to satisfy the needs of the Industry 4.0 paradigm, and conducting a series of practical attacks against real-world CNC installations.

Our findings revealed that malicious users could abuse such technologies to conduct attacks like denial-of-service, damage, hijacking or theft. We reported our findings to the affected vendors and proposed mitigations. This talk wants to be an opportunity to raise awareness in a domain in which, unfortunately, security is not yet considered an important driver.

Related Articles

Rohde & Schwarz at International Security Expo 2024

Rohde & Schwarz at International Security Expo 2024

Loss Prevention and a safe Critical Infrastructure with Advanced Scanning Technology Rohde & Schwarz participates in the annual International Security Expo, taking place in London, from September 24-25, 2024. At booth D30 in the Olympia main hall Rohde &...

Share This