Cybersecurity for Manufacturing: Malware Overview 102

"Cybersecurity for Manufacturing: Malware Overview" covers different types of malware and how each functions. Manufacturing organizations using Industrial Internet of Things (IIoT) technology and other devices with internet functionality are vulnerable to a range of existing and emerging malware threats. In addition to traditional computer worms and viruses, criminal hackers create other types of malware, such as spyware, Trojans, and ransomware, to attack digital networks. They also employ phishing and other social engineering tactics to manipulate users into performing actions that plant malware onto systems.

Manufacturers should be aware of vulnerabilities associated with all their digital assets and have a basic understanding of the range of tools criminal hackers may use to compromise these assets. After taking this course, users will be able to recognize malware threats. Users will also understand the basic strategies of criminal hackers and ways to defend against them.

Class Details

Class Name:
Cybersecurity for Manufacturing: Malware Overview 102
Difficulty:
Beginner
Number of Lessons:
14

Class Outline

  • IIoT Technology and Malware Risks
  • Phishing & Social Engineering
  • Recognizing Phishing Attacks
  • Review: Cybersecurity Basics
  • Trojan Horses
  • Spyware
  • Ransomware
  • DDoS Attacks
  • Review: Malware Types
  • Protecting Against Malware
  • User Responsibility and Raising Awareness
  • Responding to Cyber Attacks
  • Responding to Cyber Attacks
  • Review: Malware Protection and Response

Objectives

  • Describe the risk of malware associated with IIoT technology.
  • Describe social engineering and phishing tactics.
  • Identify ways to recognize phishing attacks.
  • Describe how Trojan horse attacks function.
  • Describe how spyware attacks function.
  • Describe how ransomware attacks function.
  • Describe how DDoS attacks function.
  • Identify methods for protecting against malware.
  • Describe considerations for promoting user responsibility and awareness for cybersecurity.
  • Identify common strategies for responding to malware threats.
  • Explain the purpose of mirror servers and server clusters.

Glossary

Vocabulary Term Definition
administrative privileges Permission to access and modify critical files, applications, and settings on a digital system. Administrative privileges are typically protected by a password.
anti-malware Security software that protects against various types of malware, especially newer threats. Many anti-malware products protect against the latest malware and may not include protection against some older malware types.
antivirus Security software that protects against common viruses, worms, Trojans, and other known malware threats. Antivirus software must recognize a threat in order to protect against it.
automation The use of self-regulated equipment, processes, or systems that meet manufacturing requirements with limited human intervention. Automation, which includes both robotic and CNC-controlled processes, is an efficient means of performing manufacturing processes.
backdoor A method that may be used by network administrators or hackers to gain access to a computer or network by bypassing system security. Backdoors are sometimes installed intentionally for administrative purposes but can make a system more vulnerable to cyber threats.
backup servers A digital device that copies and regularly updates data stored on a main server. Backup servers provide a buffer of security against data loss.
Bitcoin A popular type of cryptocurrency. Bitcoin is often the preferred form of payment of criminal hackers in ransomware attacks.
black hat hacker A type of hacker who uses computer coding and other skills to carry out illegal activities, such as stealing sensitive data or disabling digital technology. Black hat hackers, or criminal hackers, may include nation-states, foreign or domestic groups, or individuals seeking financial or political gain.
bot An infected computer system or device that can be controlled remotely by a hacker to carry out malicious activity. Bots may be used to send unwanted emails without the user's knowledge, as part of a botnet in a DDoS attack, or for other purposes.
botnet A group of infected computer systems or devices on one or more networks that can be controlled remotely by a hacker. Botnets can potentially overload a server's capabilities and completely disable system operations.
compact discs CD. A data storage format that reads and writes optical data. CNC machines sometimes use CDs to store part programs.
computing devices Hardware devices that operate using software or programming commands. Computing devices used in manufacturing include computers, mobile devices, programmable logic controllers (PLCs), and other programmable devices.
continuous monitoring Consistently tracking various activities on a digital system or network. Continuous monitoring practices include tracking user activity and reporting potential cyber threats.
criminal hacker A type of hacker who uses computer coding and other skills to carry out illegal activities, such as stealing sensitive data or disabling digital technology. Criminal hackers, or black hat hackers, may include nation-states, foreign or domestic groups, or individuals seeking financial or political gain.
cryptocurrency A type of electronic currency that is created and transferred using encryption methods and is not monitored by centralized banking or digital currency systems. Cryptocurrency is exchanged between users without intervention or regulation from governments or other authorities.
cyber attack An effort to disrupt, disable, or gain illegal access to a cyber network or device. Cyber attacks include hacking, phishing, and malware.
decryption code A specialized digital key used to unlock encrypted files. Criminal hackers typically promise to send a decryption code once a user pays the ransom in a ransomware attack.
digital Consisting of information that is input or output electronically as a series of pulses or signals, often resulting in binary strings of 0s and 1s. Digital computing devices interpret various programming commands as binary digits.
digital networks A group of systems and devices connected to one another through wired or wireless connections. Digital networks allow data to transfer electronically from one location to another.
Distributed Denial of Service DDoS. A cyber attack aimed at disrupting or disabling a network by flooding it with more internet traffic than it can handle. Distributed Denial of Service attacks are typically carried out by infecting several devices on a network.
domain email An email account that uses a purchased domain name in its address. Domain email addresses in emails sent by professional organizations should typically match the organization's website domain name.
encrypts Transforms data into another form that can only be accessed using a decryption key. Hackers encrypt data on targeted systems to lock files and applications in ransomware attacks.
executable file .exe. A type of file that runs a program on Windows operating systems. Executable files can be used by hackers to run malicious programs.
external hard drives A memory storage device that stores and retrieves data on a computer. An external hard drive can connect to and access files on various computing devices, usually through a USB connection.
external storage devices Digital devices that can connect to and copy data files from other devices and systems. External storage devices, such as external hard drives, help prevent important information on data files from being erased or lost due to damage.
file A data register in a computational device that stores bits of information. Data files store information, such as addresses or conditions for associated devices. Data files store all relevant information for software on a system.
firewall software Security software that allows intended internet communications while blocking access to unauthorized users or websites. Firewall software can be installed on a system like other software packages.
flash drives A small, portable memory card that can be used to store data, such as CNC part programs. Flash drives connect to hardware devices through a USB port.
hardware Hardware is the physical equipment used in a computer system. IIoT hardware includes sensors, wireless routers, and computing devices.
hardware firewall Any hardware device equipped with built-in firewall technology. Most wireless routers are equipped with a hardware firewall.
hosting Storing data files and applications on a server or group of servers for a website that users can access online. Hosting can be done using local servers or through purchasing cloud-based services.
hyperlink A clickable element in an electronic document that connects to another digital location. Hyperlinks can be used to connect users to malicious content.
IDS Intrusion Detection System. A hardware device or software application that monitors data flow on a network and detects potential cyber threats. An IDS sends threat alerts to system administrators, allowing them to respond quickly to cyber attacks.
incident response A strategy intended to guide the actions of team members in the event of a cyber attack. Incident response strategies help organizations mitigate risk, prevent or minimize damage, and alert stakeholders appropriately in response to cyber attacks.
Industrial Internet of Things IIoT. A network of physical devices used in manufacturing that contain computing systems. The Industrial Internet of Things allows devices to exchange data and automate processes without any human intervention.
internet usage data Detailed information on internet traffic, such as the amount of data transmitted and websites visited. Internet usage is often monitored by software installed by employers and can also be captured by spyware.
intranet A local or private communication network accessible only to authorized users. Some intranet networks allow access to the internet.
intrusion detection system IDS. A hardware device or software application that monitors data flow on a network and detects potential cyber threats. Intrusion detection systems send threat alerts to system administrators, allowing them to respond quickly to cyber attacks.
load balancing Distributing data requests and network traffic flow evenly across multiple servers to optimize speed and functionality. Load balancing with cloud server farms can greatly increase processing speeds and computing power.
local Hosted internally on one or more devices. Local servers provide more security than remote servers but are typically more expensive.
machine learning The process that enables a digital system to analyze data in order to build predictive models and make decisions autonomously. Machine learning is a key benefit of Industry 4.0.
malware Any malicious code or software that can potentially harm a computer, device, or network, or retrieve data from the network or device without authorization. Malware often exists undetected on systems for extended periods of time.
mirror server A computer system that stores data copied from a main server. A mirror server can be set up to act as the primary server if a main server goes down.
operating system The software on a computer that allows files to be created and organized, manages the interaction of different programs, holds data in memory, and performs other functions. The operating system essentially runs the computer.
passwords A series of characters, known only by authorized users, that allow the users to access an otherwise locked digital system. Passwords effectively prevent unauthorized access as long as they are not shared or discovered by unauthorized users.
phishing A social engineering tactic often employed by hackers that uses electronic communications intended to trick users into providing information or downloading malware. Phishing attacks are usually conducted via email messaging.
ransomware Malicious software that uses data encryption to restrict access to files on a system. Ransomware attacks usually demand some form of payment in order for the user to regain access to the encrypted files.
registered Licensed and supported by a trusted company or enterprise rather than a third party. Registered software typically allows access to technical support from the trusted enterprise as well as regular updates and other benefits.
remote Hosted externally on one or more devices. Remote servers can be cost-effective but may be less secure than local servers.
rootkit A type of software often used by hackers to change security settings on an operating system in order to access or control the system remotely without detection. Rootkits can hide malicious code from anti-malware programs and are often spread using Trojan horse attacks.
security patches A software fix that corrects coding flaws or improves vulnerabilities. Security patches are often included with software updates.
security software Any computer program designed to protect data privacy and prevent data loss or damage to a system or network. Security software can include antivirus, anti-malware, and firewall software.
self-replicate To make duplicates or copies of itself without user action. Self-replicating digital worms are more difficult to remove than basic viruses.
server The physical computer that shares information with other computers within its network. The server for a network of CNC machines, for example, would share part programs with each machine on its network.
server cluster A group of synchronized computer systems that store data copied from a main server. A server cluster can greatly improve the operational efficiency of a network.
server clustering A system backup strategy in which contents of a primary server are duplicated and constantly updated on a group of synchronized servers. Server clustering helps prevent data loss and slower processing speeds when the volume of data being transferred is high.
server mirroring A system backup strategy in which contents of a primary server are duplicated and constantly updated on a separate server or storage device. Server mirroring can help organizations recover from cyber attacks by restoring lost or compromised files.
smart manufacturing Technologically integrated manufacturing that creates and uses data in real time to address the needs of the factory, supplier, and customer. Smart manufacturing is an advancement of traditional manufacturing automation.
smart sensors A device equipped with software that can detect physical inputs, process them as data, and output digital signals. Smart sensors are more advanced than normal digital sensors since they can process data internally rather than simply sending digital signals to an external system to be processed.
social engineering A type of cyber attack in which hackers try to gain access to a system by manipulating a human actor. Social engineering tactics often aim to influence human emotions to drive a desired action.
software The instructions, formulas, and operations that structure the actions of a computer. Software often consists of a computer program or application.
software updates The latest version of a software package that is typically installed through an internet connection. Software updates often include security patches that address vulnerabilities found in earlier versions of the software.
spear phishing A targeted phishing attack by a hacker intended to trick a specific individual into providing information or downloading malware. Spear phishing attacks involve intense research into details of the individual and organization in order to seem legitimate.
spyware Malicious software that can collect data from a system without authorization once installed. Spyware is often installed using a worm or virus.
standard currency Officially recognized currency, such as U.S. dollars, regulated by a government entity. Hackers sometimes request standard currency as a form of payment in a ransomware attack.
system backup A strategy in which copies of original data files are stored on one or more separate devices. System backup is critical in order to recover from a cyber attack.
trade secrets A formula, practice, process, design, instrument, pattern or compilation of information that is not generally known or reasonably established. Digital documents containing trade secrets can potentially be stolen by criminal hackers.
traffic The flow or transfer of data between computational devices. High traffic volumes can slow down or disable systems in a network.
Trojan horse A type of malware that poses as another trusted software application. Trojan horse attacks often install malicious software that allows hackers to control infected systems.
two-step verification A security measure that requires users to enter additional information in addition to a password when logging into or accessing a system. Two-step verification methods include entering temporary codes sent to trusted devices and answering security questions.
Uniform Resource Locator URL. An address to a website. Uniform Resource Locators display when the user hovers over a link to the page in most web browsers.
viruses A type of malware that copies itself onto a computer or device by attaching to existing code. Viruses must be transferred by a user in order to spread to other systems.
wireless cameras A camera that transfers audio and video data using a radio signal. Wireless cameras send data via wireless, or WiFi, networks.
wireless networks WiFi. A network that uses radio waves instead of copper or fiber optic cable. In a wireless network, a device transmits a radio signal through an antenna.
wireless routers A signal-producing device that transmits data through an antenna rather than a network cable. Wireless routers, which are used to create computer networks, operate through the use of radio waves.
worms A type of malware that can copy itself onto multiple computers or devices within a network. Worms can spread to other systems without human interaction.