The Apprentice: You’re Hacked!

The need for robust cyber security measures to protect manufacturing from attacks has never been greater. As manufacturing assets become more connected, the adoption of new Industry 4.0 technologies increases, and the transition to cloud hosted platforms to leverage advanced data management and analytics continues, manufacturers must make cybersecurity part of that conversation to reduce the risk of a cyberattack.

Knowledge sharing on cyber security is key to helping the Manufacturing Industry learn from shared experiences. With my unique experience as both an Apprentice with SolutionsPT and University student, here are some of my learnings and tips on how best to help protect your software from vulnerabilities.

I am in my penultimate year of my Degree Apprenticeship studying towards a Bachelor of Science in Digital and Technology Solutions specialising in Cybersecurity at Manchester Metropolitan University. The Degree Apprenticeship program includes valuable on the job experience. I have acquired many more skills and techniques that cannot just be taught in a classroom as you are in real life situations helping customers. What I have learnt at university overlaps with work which consolidates my learning. I have also gained work professionalism which I would not gain if I were on a full-time University course.

For the past 3 years, I have worked as a Technical Support Engineer with SolutionsPT in parallel with my studies. As a Support Engineer I provide the necessary knowledge, expertise and drive to deliver a professional high-quality service in the delivery of support across the full portfolio of Industrial Software and Hardware Products that SolutionsPT provides.

At SolutionsPT we have an Apprentice Academy programme that works closely with Universities to deliver Apprenticeships from level three, all the way to full Bachelor’s and Master’s degrees. Each apprentice is assigned both a Management and HR Mentor, whilst being paired with a ‘buddy’. The ‘buddy’ is a year three or four apprentice who knows from experience how to best guide the new recruits in the balance of work and study.

2020_Image_PR_Apprentice Academy_2

As part of the Apprentice Academy, each of the apprentices will collaborate on a project. Coming from a background in Cybersecurity I have an in-depth understanding of what it takes to truly transform a business, SolutionsPT understands this and approaches Digital Transformation with a ‘People First’ model. This not only gives SolutionsPT customers a path to success in Digital Transformation but as I progress through the Apprentice Academy it gives me a clear path to a rewarding career.

I’ve taken the following examples from recent support cases to offer advice on how to protect your systems from vulnerabilities.

It is critical Microsoft Updates are maintained on the live production system with a routine weekly check of the latest updates. A great resource to check for this is the Security Central page of the AVEVA Global Customer Support website here you can check the Microsoft Windows Updates along with Cybersecurity Security updates for various products.

We recommend downloading the Archived Security Central Supported Products spreadsheet to check if a specific KB has been tested or is supported. If Microsoft Updates are not kept up to date, a known vulnerability may be exploited. AVEVA’s Tech Alert 34 gives you an overview of why it is important to maintain Microsoft Updates from a security perspective. AVEVA aims to verify that its software is tested with the latest Microsoft Security Updates within 15 business days of their release by Microsoft.

Here is an example of how AVEVA responded to vulnerabilities they found in Citect software, within its Floating License Manager. You can check the Common Vulnerabilities and Exposures by using the ID to find out more information. An overview below of each vulnerability in the Flexera FlexNet Publisher component provides an insight to how security gaps can be exploited that can lead to system downtime or a breach of data integrity:

CVE-2016-10395 - FlexNet Publisher Licensing Service can be exploited to cause an out-of-bounds memory read access and subsequently execute arbitrary code with SYSTEM privileges.

CVE-2017-5571 - Open redirect vulnerability in the lmadmin component in Flexera FlexNet Publisher 11.14.1 and earlier, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

CVE-2016-2177 - OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash)

AVEVA responded quickly and released a new version of the Floating License Manager which addresses the above vulnerabilities. If these vulnerabilities weren’t identified, it would have allowed remote attackers to redirect the users to another website to perform phishing attacks where the attacker would gain information or download malware on to the machine. OpenSSL could have allowed the remote attacker to perform a DOS attack so the application would crash and would be non-responsive. OpenSSL is an open-source command-line tool that is mostly used to generate private keys, install your SSL/TLS, create CSR, certificate and identify certificate information.

Learn more about the vulnerabilities identified.

In October 2019, the AVEVA Insight security was upgraded. TLS helps to protect the privacy of information communicated over the Internet. Because of these changes, publishing data to Insight may be blocked until you make one of the changes in Tech Alert 419. Different options are available depending on the sources you are using. Changes made in this way disable obsolete versions of SSL and TLS for all applications on the computer. Please ensure that other components on the system using SSL or TLS 1.0/1.1 can also support TLS 1.2. Microsoft provides a mechanism to force applications to use the most secure versions of TLS.

Related article: Microsoft explains Transport Layer Security (TLS) best practices with the .NET Framework

 

My Top 3 Cybersecurity Tips:

  • Routinely check to ensure patches are applied to your operating system and applications. Latest operating system updates are maintained on your production system to reduce the risk of any potential vulnerabilities that could be exploited. From an Application Product Lifecycle perspective, it is important to keep your software up to date, on Mainstream Support running the latest versions, as they address any known vulnerabilities that have been identified.

  • Over 70% of all data breaches and exploits happen at the endpoint, addressing patches as described above really helps, however having robust endpoint protection is also necessary. Using a next-generation Solution such as Blackberry Protect that utilises Artificial intelligence, doesn’t require signatures, supports legacy operating systems and has a predicative advantage of up to 33 months over signature-based system.

  • Using the rule of least privilege further contains what a user can do or communicate with if rogue operations are undertaken. Applying application whitelisting and using secure by design methodologies such as IEC 62443 to ‘zone’ and restrict machine to machine communications provides reduced scope for lateral movement.

 

You can only protect what you can see, so having a full list of your assets, their runtime configuration, and the ability to monitor communications and recover back in the event of a disaster. If you can’t recover your process, then you don’t have a process at all. If you’re interested in studying Cybersecurity and advancing you career with an Apprentice Program, please reach out to me for more information, happy to offer advice.

If you would like to find out any more information all relevant links are below:


My suggestion would be for anyone who is involved with OT security to sign up for the alerts from CISA, these are sent out not just for AVEVA, but all operational systems and key applications used within OT.