Researchers have learned to attack industrial robots. Thousands of them are available from the network.

Trend Micro experts published a report according to which at present around the world about 83,000 industrial robots are available from the Internet, while 5,000 of them lack authentication mechanisms. The researchers found in the robots 65 vulnerabilities, including those that allow to bypass authentication mechanisms, modify key settings and change the mode of operation of the device.

At the same time, experts note that it is possible to gain access to devices not connected to the network - for this, attackers can pre-hack industrial routers. Thus, cybercriminals have ample opportunities to conduct cyber attacks on disabling industrial equipment and sabotage production processes.
')
The effects of attacks on industrial equipment can be significant - for example, in the manufactured products there can be defects. Cybercriminals can interfere in production processes and then demand a ransom from manufacturers for its restoration, damage equipment or its operator, and also steal information stored in the memory of robots (product parameters, source code, etc.)

The researchers also presented a demonstration of an attack on an industrial robot. They demonstrated how using the method they developed, you can make changes to the behavior of the device. At the same time, the source code does not change, and the change in the movement of the robotic manipulator cannot be caught with a glance:



As shown by the research of Positive Technologies on the analysis of the security of the industrial control system in 2016, in most cases you can get access to the technological network resources from corporate networks. It forces to pay close attention to the problems of cyber security.

On Thursday, May 11, at 14:00 , a webinar will take place at which Roman Krasnov, a specialist at Positive Technologies, will talk about trends in the cybersecurity of the automated process control systems, our experience in analyzing the security of industrial enterprises, and also using the example of PT.

The webinar will be of interest to IB and IT specialists, engineers and automated process control systems responsible for ensuring cybersecurity at critical industrial sites. Registration by reference