Endpoint/Device Security

CNC machines at risk of significant cyberattacks

Nearly a dozen types of cyberattacks could compromise computer numerical control machines used by many manufacturing facilities, according to SecurityWeek. Threat actors could compromise CNC products, including those from Fanuc, Okuma, Haas, and Heidenhain, to facilitate machine hijacking and intellectual property theft, either through changes in the device's geometry or controller's program, Trend Micro researchers reported. The findings, which will be presented at SecurityWeek's 2022 ICS Cyber Security Conference this week, also showed that alarms could also be triggered by attackers to interrupt manufacturing. Ransomware attacks could also be conducted with CNC machine access. Aside from stealing data through reverse-engineering CNCs, malicious actors could also exfiltrate production-related data through such systems, which could be used in corporate espionage operations. Vendors of vulnerable CNCs have been informed regarding the risks faced by their offerings. Meanwhile, manufacturing security teams have been urged to adopt industrial intrusion detection and prevention systems, network segmentation, proper CNC configurations, and up-to-date software to mitigate threats.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.