Incident of the Month: Attack via the home office

As the trend toward working from home grows, cybersecurity must also be rethought. If employees use their work computers to access the Internet via their home network, even a secure VPN connection to the company won't help, because corporate security is then only as good as the worst-secured employee home network. As a rule, it should be assumed that at least one of the home networks or private smart devices is already compromised. The leap to the company computer, and from there into the corporate network, is then only a matter of time.

Malware attack despite VPN

This attack vector was recently identified, traced and cleaned up in the field at an industrial company using Rhebo Industrial Protector. A plant manager had accessed the manufacturing plant from his home office via a secured VPN. The first alert reported a new participant in the operational technology (OT) network. A short time later, this participant began communicating with a variety of devices in the OT. Rhebo Industrial Protector interpreted the communication as a scan attempt. Presumably, the host was using the scan to identify vulnerable devices and analyze the infrastructure. It was also noticeable that the new participant communicated via protocols not previously used in the existing OT.
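The three signals described above (a new participant, contact with many devices, and previously unused protocols) can be checked against a learned communication baseline. The following is an added example, not Rhebo Industrial Protector's implementation; the addresses, protocol names, flow records and the `fanout` and `window` thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed baseline of OT relations learned during normal operation:
# (source, destination, protocol). Addresses and protocols are sample values.
BASELINE = {
    ("10.0.0.10", "10.0.0.20", "modbus"),
    ("10.0.0.10", "10.0.0.21", "modbus"),
    ("10.0.0.10", "10.0.0.22", "modbus"),
    ("10.0.0.10", "10.0.0.23", "s7comm"),
}

# Constructed flow records: (timestamp_seconds, source, destination, protocol).
FLOWS = [
    (0, "10.0.0.10", "10.0.0.20", "modbus"),
    (5, "10.0.0.10", "10.0.0.23", "s7comm"),
    (100, "10.8.0.5", "10.0.0.20", "smb"),
    (102, "10.8.0.5", "10.0.0.21", "smb"),
    (104, "10.8.0.5", "10.0.0.22", "smb"),
    (106, "10.8.0.5", "10.0.0.23", "http"),
    (110, "10.0.0.10", "10.0.0.22", "modbus"),
]

def detect(flows, baseline, fanout=3, window=60):
    """Return (timestamp, kind, subject) alerts; fanout and window are assumed thresholds."""
    hosts = {h for s, d, _ in baseline for h in (s, d)}
    protocols = {p for _, _, p in baseline}
    pairs = {(s, d) for s, d, _ in baseline}
    novel = defaultdict(list)   # source -> [(timestamp, destination)] outside the baseline
    scanners, alerts = set(), []
    for ts, src, dst, proto in sorted(flows):
        if src not in hosts:                      # new participant in the OT network
            hosts.add(src)
            alerts.append((ts, "new_host", src))
        if proto not in protocols:                # protocol never seen in this OT network
            protocols.add(proto)
            alerts.append((ts, "new_protocol", proto))
        if (src, dst) not in pairs:               # relation not seen during learning
            novel[src] = [(t, d) for t, d in novel[src] if ts - t < window]
            novel[src].append((ts, dst))
            targets = {d for _, d in novel[src]}
            if len(targets) >= fanout and src not in scanners:
                scanners.add(src)                 # report each scanning source once
                alerts.append((ts, "scan", src))
    return alerts

if __name__ == "__main__":
    for alert in detect(FLOWS, BASELINE):
        print(alert)
```

Only relations outside the baseline count toward the scan threshold, so a controller that legitimately polls many devices does not raise a scan alert.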

Hidden vulnerability and unknown protocol

Based on these alerts and the accompanying information, the security officer of the industrial company was able to block the connection to the new network participant and prevent further actions. A subsequent detailed analysis revealed that one device in the OT had a known vulnerability, which was also closed. The company computer of the person responsible for the plant was completely rebuilt and the access credentials were renewed.

Comprehensive protection in the home office

With Rhebo Industrial Protector, operators can monitor all communication within the OT. Malicious communication is reported in real time, even if it comes from an authorized user account. This strengthens the security and stability of OT processes, and vulnerabilities introduced via the home office are reported in real time. Security officers can thus respond quickly to security incidents.

A first step towards comprehensive OT transparency is a Rhebo Industrie 4.0 stability and security audit.
