Tel Aviv, Israel, October 21, 2020 - A recent discovery by OTORIO, the leading provider of industrial-native cyber and digital risk-management solutions reveals an alarming situation in data exchange between manufacturers and suppliers.
It is a common practice for companies worldwide to scan incoming files for malicious attacks using online scanning services. In order to facilitate the process, certain security tools upload files automatically to the scanning engine, a casual action that occasionally results in the uploading of highly sensitive business information or intellectual property which in most cases remains online to be accessed by analysts in the large cyber community. Using the same processes, this sensitive information which is highly valuable when planning a targeted hack is accessible also to malicious actors.
OTORIO’s team identified thousands of project files belonging to dozens of vendors and industrial companies from different verticals and geographical regions. Some project files belong to the largest Automotive (OEMs), Consumer Goods, Food & Beverage and Electronics manufacturers in the world.
The extent and diversity of data from the different companies and sectors which were discovered indicate a serious systemic problem in the way sensitive information is being scanned. To be precise, the systematic flaw in the process is not the use of a scanning engine but rather doing so without proper configuration of the APIs. This research was conducted on one of the leading scanning engines available today, VirusTotal but this flaw is just as likely to be occurring on other online scanning engines, as well.
OTORIO’s research team examined the online presence of confidential files. Project files are the blueprints of the industrial processes, they hold the organization’s most sensitive know-how, including information about different network configuration mapping, hardware and software configurations, screen definitions, and the actual automation logic of the controllers. Normally, project files should be kept encrypted in a digital vault. However, because of the growing need to collaborate and share information with suppliers, they are transferred in cleartext via the internet. Once they reach the wrong hands, they could be used as a map for a targeted attack and potentially create massive damage to production.
Although the project files remain online indefinitely, they can be accessed only for a limited time of up to 12 months. Furthermore, the information can be accessed only by licensed cyber-security researchers. Nonetheless, in order to enable fast and efficient use, the online scanning engines cannot conduct in-depth screening processes for each analyst, thus potentially rogue players may gain access to the scanners’ database and confidential information such as the project files. The project files were not uploaded deliberately by the industrial companies, vendors, or their security service providers, rather they were uploaded unintentionally by misconfiguring the security applications that rely on online scanning engines to test for malicious files. While some of the information has been uploaded via 3rd party automated email gateway scanners, others were most likely uploaded via inhouse EDRs, or DLPs or IDS’s. By properly configuring the API’s one could easily avoid the systematic problem. Read more in OTORIO’s blog
OTORIO is an industrial-native cyber and digital risk-management solutions provider. OTORIO’s automated Digital Risk-based Maintenance solution aggregates threat data analysis to provide deep insights into industrial control systems, identifying risks, and mitigating them before they can cause damage. OTORIO empowers industrial companies to implement, automate, and operate secure production, making way for a safer, more reliable, and productive industry.