FEBRUARY 14, 2025
Industry 4.0 and OT security: The 4 most common cyber attacks and how to protect your company

It is every cybersecurity manager’s worst nightmare. You grab a cup of coffee, boot up your computer, connect to the intranet, and … nothing happens. You are locked out. There is no access to internal files, systems are encrypted. You gradually realize that the company has been the victim of a ransomware attack. Relevant staff members are informed, the production facilities are shut down, and everything comes to a standstill.
This scenario has played out in many industrial companies in recent years. Cyber attacks aren’t just happening more often, they are becoming more technically sophisticated. It is becoming an increasingly important and challenging task to protect modern, networked production plants against this kind of attack.
The most common risks for OT security
In this article, we will highlight the most common cyber attacks facing industrial companies with networked production. We will also cover the most effective strategies for eliminating vulnerabilities.

1. Insider threats
When a company’s employees—or external partners with access to parts of the organization—cause damage, this is known as an insider threat. These include both malicious and unintentional actions by the insider.
When an employee falls for a phishing link in an email and allows malware to sneak into the company network, this is classified as an insider threat, just as when a production manager deliberately manipulates the industrial control system (ICS).
Here are the basic principles of good cybersecurity practice that are recommended to mitigate unintentional insider threats:

- Regular employee training courses that include current risks and practical training
- Access controls and file permissions assigned according to the Principle of Least Privilege (PoLP), so that only the lowest privilege possible is granted
- Network segmentation and firewalls to prevent the spread of malware across multiple business units

When it comes to malicious insider attacks and industrial espionage, the defense options are naturally limited. Basically, you can’t run a business without giving employees the necessary authorizations to do their jobs. Cybersecurity managers around the world are aware of this. According to a 2023 report by Cybersecurity Insiders, 74% of respondents saw their companies as moderately or severely at risk from insider threats.
The focus should be on the rapid detection of security incidents through continuous monitoring. Machine learning also promises progress in data-based behavioral analysis, which automatically detects and reports deviations from normal user behavior. However, there is a risk of false positives here, for example, when the production process is interrupted.
At the end of the day, the most important currency in dealing with insider threats is trust: Select partners who can prove their credibility through long-term experience, references, and certifications such as IEC 62443. Foster a respectful and friendly working atmosphere for your employees.

2. Ransomware
Everyone is talking about ransomware attacks, as we described above. And rightly so. According to a report by Sophos, in 2024, the recovery costs alone in manufacturing increased by 55% to 1.67 million dollars compared to the previous year. And that’s without taking into account any possible ransom payments. In addition, a staggering 65% of all industrial companies surveyed reported an incident involving ransomware.
Meanwhile, professional criminal organizations that deal in ransomware are now active around the world, targeting specific weaknesses in vulnerable ICS with customized malware.
Many security managers in the industry are focused on strengthening OT security. This means patching vulnerabilities in outdated control systems and replacing components—a lengthy and time-consuming process.
If this is no longer entirely or partially possible, it is imperative to separate the OT and IT networks in the company completely. A frequently used gateway for ransomware is a click on a phishing link on a PC in the company administration offices. With effective network segmentation, the attack can be contained and does not spread from the corporate IT to the OT. However, for this approach, network ports must be opened manually to ensure communication with the plant equipment. As these ports are often not closed again afterward, the network soon resembles a block of Swiss cheese with lots of holes—which is vulnerable to intruders.
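
The "Swiss cheese" problem described above can be caught with a periodic review of the exceptions between the IT and OT zones. The following is an added example, not code from the original article or from TRIOVEGA: it flags IT-to-OT firewall openings that have no closing date, have passed it, or no longer carry traffic. The zone ranges, the `Rule` fields and the sample rules are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from ipaddress import ip_network
from typing import Optional

# Zones and rules are constructed sample values (assumptions), not real plant data.
IT_ZONE = ip_network("10.10.0.0/16")   # assumed corporate IT range
OT_ZONE = ip_network("10.50.0.0/16")   # assumed production (OT) range

@dataclass
class Rule:
    name: str
    src: str                       # source CIDR
    dst: str                       # destination CIDR
    port: int
    expires: Optional[datetime]    # agreed closing date, None if never set
    last_hit: Optional[datetime]   # last time traffic matched, None if never

def crosses_it_to_ot(rule):
    """True if the rule lets any IT address reach any OT address."""
    return (ip_network(rule.src).overlaps(IT_ZONE)
            and ip_network(rule.dst).overlaps(OT_ZONE))

def audit(rules, now, idle_limit=timedelta(days=30)):
    """Return {rule name: [reasons]} for IT->OT openings that should be closed."""
    findings = {}
    for r in rules:
        if not crosses_it_to_ot(r):
            continue               # rules inside one zone are out of scope here
        reasons = []
        if r.expires is None:
            reasons.append("no expiry date")
        elif r.expires < now:
            reasons.append("expired but still active")
        if r.last_hit is None or now - r.last_hit > idle_limit:
            reasons.append(f"no traffic for over {idle_limit.days} days")
        if reasons:
            findings[r.name] = reasons
    return findings

NOW = datetime(2025, 2, 14)
RULES = [  # constructed examples
    Rule("historian-sync", "10.10.5.20/32", "10.50.1.10/32", 443, datetime(2025, 6, 30), datetime(2025, 2, 13)),
    Rule("vendor-commissioning", "10.10.0.0/16", "10.50.2.0/24", 3389, datetime(2024, 3, 18), datetime(2024, 3, 15)),
    Rule("plc-debug", "10.10.7.0/24", "10.50.3.15/32", 502, None, datetime(2025, 2, 10)),
    Rule("office-print", "10.10.0.0/16", "10.10.9.0/24", 9100, None, None),
]

if __name__ == "__main__":
    for name, reasons in audit(RULES, NOW).items():
        print(f"{name}: {', '.join(reasons)}")
```
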
TRIOVEGA developed edge.SHIELDOR, a safety solution for production facilities that works precisely at this network edge to shield the systems while still allowing communication to and from the machine.

3. Manipulation of production via remote maintenance tools
Remote maintenance software has become an integral part of modern industrial production sites. Being able to control systems from a central location remotely can bring enormous efficiency increases in production management.
However, the added efficiency offered by an internet connection also gives cyber criminals an additional entry point. Usually, remote access tools rely on open network ports for communication—which is where the problems with network segmentation begin. Hackers can gain access to the network via the open ports. They then either manipulate the production parameters directly or use the gateway to explore the company network and gain access to other devices and endpoints. This is a common cyber attack scenario for industrial companies: malware sneaks in via a vulnerability in production and spreads throughout the IT systems.
Multi-factor authentication and secure administration of remote access sessions with connection timeouts are indispensable elements of OT security. However, to achieve the highest security level, we recommend completely eliminating open ports in remote maintenance. Screen transmissions should only be available to authenticated users operating via encrypted VPN connections in the company network. An integrated solution such as edge.SHIELDOR can then be used to manage and monitor user rights and access from a central location.
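
The three controls named above (multi-factor authentication, VPN-only access and connection timeouts) can be verified against the session records of the remote maintenance tool. The following is an added example, not code from the original article or from any product: the `key=value` log format, the VPN address pool and the 15-minute idle limit are assumptions, and the log lines are constructed.

```python
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Policy values are assumptions for illustration.
VPN_POOL = ip_network("172.16.40.0/24")   # assumed VPN client address pool
MAX_IDLE = timedelta(minutes=15)          # assumed idle timeout

# Constructed session records in a hypothetical key=value export format.
SAMPLE_LOG = """\
session=101 user=a.meyer src=172.16.40.12 mfa=yes last_input=2025-02-14T08:40 end=2025-02-14T08:45
session=102 user=ext.service src=203.0.113.7 mfa=yes last_input=2025-02-14T09:10 end=2025-02-14T09:15
session=103 user=b.kurt src=172.16.40.31 mfa=no last_input=2025-02-14T09:30 end=2025-02-14T09:32
session=104 user=c.lang src=172.16.40.44 mfa=yes last_input=2025-02-14T10:05 end=2025-02-14T13:30
"""

def parse(line):
    """Split one record into a dict of its key=value fields."""
    return dict(field.split("=", 1) for field in line.split())

def check_session(rec):
    """Return the list of policy violations for one session record."""
    issues = []
    if rec["mfa"] != "yes":
        issues.append("no MFA")
    if ip_address(rec["src"]) not in VPN_POOL:
        issues.append("source outside VPN pool")
    # Time the session stayed open after the operator's last input.
    idle = datetime.fromisoformat(rec["end"]) - datetime.fromisoformat(rec["last_input"])
    if idle > MAX_IDLE:
        issues.append("open past idle timeout")
    return issues

def audit_sessions(log):
    """Return {session id: [violations]} for every non-compliant session."""
    findings = {}
    for line in log.splitlines():
        if not line.strip():
            continue
        rec = parse(line)
        issues = check_session(rec)
        if issues:
            findings[rec["session"]] = issues
    return findings

if __name__ == "__main__":
    for sid, issues in audit_sessions(SAMPLE_LOG).items():
        print(f"session {sid}: {', '.join(issues)}")
```
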

4. Supply chain attacks
The introduction of the NIS 2 Directive in the EU wasn’t the first time that supply chains have been a focus of cyber security efforts. Increasingly complex supplier networks and production lines, with numerous software and hardware components from different manufacturers, result in increased cyber risks.
Attackers can infiltrate the supply chain at various points, place manipulated equipment in deliveries, or install malware.
That’s why it is so important to choose suppliers carefully and assess the individual risk factors for each candidate. Conduct regular audits of your key suppliers’ safety measures and promote common standards.
For individual software solutions, it is best to work with partners who prioritize security-oriented development and have experience in your specialist area. TRIOVEGA’s development processes for industrial control systems, for example, are certified to the highest safety standard IEC 62443. Our experts from Custom Software Solutions develop cyber-resilient applications with continuous security updates, even after integration. This provides your software components with the best possible protection against cyber attacks.
Secure the future of your company
In a forward-looking industry, investing in cyber security is now more critical than ever. With a plan to mitigate the biggest cyber risks in your company, you can set the course for sustainable business success. Our cybersecurity experts at TRIOVEGA will be happy to answer your questions about the software products and services we offer to accompany you on this journey.

Author: Mareike Redder
Mareike Redder has been working as an IT engineer at TRIOVEGA GmbH since 2018, and has been responsible for product management since 2022.