Researchers at the cybersecurity firm unearthed how hackers could exploit several vulnerabilities in computer numerical control (CNC) machines. The research report published on October 24 highlighted how these CNC machines could be used to launch denial of service (DoS) attacks, data theft, and corrupt the machine to delay services.
What are CNC machines?
Computer numerical control (CNC) machines enable the mass production of goods with precision and high speed. Several manufacturing companies use CNC machines that are connected to the internet. These machines facilitate production that many industries depend on and can lead to consequences, including financial losses, if the configuration of these machines is fidgeted with.
Details of the attacks
If the vulnerabilities aren’t taken care of, they can result in the following exploitations:
- Hijacking would give the hackers the power to change the parameters of the CNC machine causing defects to its components.
- Cyber-attackers can exfiltrate sensitive data like confidential program codes or product information using open network protocols.
- Hackers can trigger unexpected behaviors by altering the CNC machine’s internal configuration, causing fear among the staff.
- They can launch a denial-of-service attack that could impact productivity and disrupt regular operations.
Furthermore, the following security measures were also shared in the report:
- Implementing context-aware industrial intrusion prevention and detection systems (IPS/ IDSs) that could enable companies to conduct real-time traffic monitoring to detect unauthorized access.
- Going for network segmentation with standard security technologies using virtual local area networks (VLANs) and firewalls to limit abuse of the systems.
- Using modern models of the CNC machines and, while doing so, keeping its software up-to-date to limit access in the hands of threat actors.
Several industries use CNC machinery, including the military, defense, marine, medical, transportation, aerospace, and oil and gas. Not having the CNC machine work properly could lead to delays and damage, impacting the government and the people. Due to the increased number of cyber-attacks on critical infrastructure in the United States and other countries, manufacturers must do the needful to keep threat actors at bay.
