Digital transformation is driving manufacturing production, but the benefits of robust online systems also make manufacturing companies’ systems more exposed to cyber risks.
According to a report from Check Point, the manufacturing sector’s average weekly attacks increased 41% by the end of 2021. This is why manufacturers must understand the types of cybersecurity threats they face and how to build effective workflows for alert triage, incident response, and threat hunting. This article will give you an overview of top risks and recommendations to tackle them.
Understanding the Risks of the Manufacturing Sector
Traditionally, manufacturing companies were connected through an internal network, with limited connection to the outside internet. As the technology evolved, manufacturing companies started adopting hybrid systems. The benefits were obvious, but the sector quickly ranked within the ten most attacked industries.
This cybersecurity issue exploded during the pandemic when companies increased their reliance on remote workers and faced rising pressures because of supply chain disruptions. Manufacturing companies are now among the most at risk from cyberattacks. Companies and government agencies have increased the requirements to protect sensitive data.
Based on IBM Security’s annual X-Force Threat Intelligence Index (which included data contributed by Intezer), manufacturing is one of the sectors most targeted by cybercriminals. Here are some highlights from the report:
- The manufacturing sector is hit with business email compromise (BEC) attacks four times more than other sectors.
- In 2021 ransomware actors attempted to “fracture” the backbone of global supply chains with attacks on manufacturing. Disruption of manufacturing organizations would cause their downstream supply chains to pressure them into paying the ransom.
- An alarming 47% of attacks on manufacturing were caused by vulnerabilities that victim organizations had not yet patched or could not patch, highlighting ever more strongly the need for organizations to prioritize vulnerability management.
Below are some examples of recent attacks:
- Two Russian-based groups, REvil/Sodinokibi and DarkSide, were linked to ransomware attacks on big manufacturers in the U.S.
- REvil was linked to the ransomware attack on JBS, one of the largest meat processing companies, where the company paid $11m in ransom.
- DarkSide attacked one of Colonial Pipeline’s most extensive pipeline operations in the U.S., which provides gasoline to about half of the East Coast. After discovering the attack, the company proactively froze IT systems, resulting in supply chain issues for consumers as well as manufacturers that depended on gas from Colonial Pipeline.
- In February 2021, Morphisec discovered a campaign targeting several German manufacturing industry customers, which delivered fileless downloaders to drop an Osiris trojan. Other reports surfaced of additional victims from the United States and Korea who were hit with the same attack chain to deliver REvil and other payloads.
- In October 2021, another group discovered an attack against the Japanese technology giant Olympus. REvil, a Russian-based crime group, used a variant of WastedLocker called Macaw ransomware. They encrypted the company’s systems located in the U.S., Canada, and Latin America.
- Ransomware hit the largest candy corn factory, Ferrara Candy, in an attack that disrupted production just before Halloween (but luckily it didn’t affect supplies for Halloween treats).
The attack trend against manufacturing companies is expected to continue increasing during 2022. This is but a sample of the attack vectors manufacturers need to prevent. In the next section, we’ll explain the main cyber threats and recommendations to prevent them.
Top Cybersecurity Threats to the Manufacturing Sector
Ransomware has become a common form of malware for cybercriminals. It is relatively easy to execute because it only requires an infected email or document with a malicious link, and the potential gain for criminals is high.
A ransomware attack often starts with a phishing email sent to an unaware employee, who is lured into opening an infected attachment or clicking on a malicious link. Another popular vector is a phishing attack in which an employee is tricked into providing valid credentials or sharing company information. Once the ransomware is in your system, it will encrypt and extract your sensitive data. The attackers don’t have to stop there: they can move laterally to spread as far in the network as they can.
How it affects manufacturing: Organizations that are victims of ransomware lose more than the amount paid in ransom. They also lose revenue from the disruptions to production and incur recovery expenses and fines. Ransomware can also compromise customer data, losing customers’ trust and damaging the company’s reputation. The impact of a ransomware attack can be devastating, and many companies never recover, especially as cybersecurity insurance policies become more restrictive.
- Build a phishing investigation pipeline that uses automation to analyze URLs and attachments, so your security team can respond faster and prevent attacks.
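As an added illustration (not code from this article or from any vendor it mentions), the extraction stage of such a pipeline can be written with Python’s standard library: it pulls URLs and attachment hashes out of a raw message without opening anything and flags a few structural warning signs for an analyst. The extension list, flag names and sample message are assumptions constructed for this example.

```python
import email, hashlib, ipaddress, re
from contextlib import suppress
from email import policy
from email.message import EmailMessage
from urllib.parse import urlsplit

# Assumed shortlist of attachment types worth escalating; tune to your environment.
RISKY_EXT = {".exe", ".js", ".vbs", ".scr", ".iso", ".lnk", ".hta", ".docm", ".xlsm"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def url_flags(url):  # reasons to escalate a URL; empty list means none found
    try:
        parts = urlsplit(url)
    except ValueError:                      # e.g. malformed IPv6 literal
        return ["unparseable"]
    host, flags = parts.hostname or "", []
    with suppress(ValueError):              # ValueError here means "not an IP"
        ipaddress.ip_address(host)
        flags.append("raw-ip-host")         # no domain name to run reputation on
    if "xn--" in host:
        flags.append("punycode-host")       # possible look-alike domain
    if "@" in parts.netloc:
        flags.append("userinfo-in-url")     # text before '@' is not the real host
    return flags

def triage(raw_bytes):
    """Extract URLs and attachment hashes from a raw RFC 5322 message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    report = {"urls": {}, "attachments": [], "priority": "low"}
    for part in msg.walk():
        name = part.get_filename()
        if name:                            # attachment: hash it, never open it
            exts = re.findall(r"\.[a-z0-9]+", name.lower())
            report["attachments"].append({
                "name": name,
                "sha256": hashlib.sha256(part.get_payload(decode=True) or b"").hexdigest(),
                "risky_ext": bool(exts) and exts[-1] in RISKY_EXT, "double_ext": len(exts) > 1})
        elif part.get_content_maintype() == "text":
            for url in URL_RE.findall(part.get_content()):
                report["urls"][url] = url_flags(url)
    if any(report["urls"].values()) or any(a["risky_ext"] for a in report["attachments"]):
        report["priority"] = "high"
    return report

def sample_email():  # constructed message: reserved example domains and TEST-NET-1
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "billing@example.com", "ap@example.org", "Overdue invoice"
    m.set_content("Pay: http://example.com@192.0.2.10/login\nHelp: https://example.org/faq")
    m.add_attachment(b"constructed-bytes", maintype="application",
                     subtype="octet-stream", filename="invoice.pdf.exe")
    return m.as_bytes()
```

The resulting hashes and URLs are what a later stage would hand to reputation lookups or a sandbox; `triage(sample_email())` returns a high-priority report for the constructed message.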
Intellectual Property Theft
Manufacturing is one of the driving forces of innovation, containing trade secrets and products proprietary to each company. Industrial espionage or an insider threat can compromise a manufacturer’s core business.
How it affects manufacturing: Attackers that gain access to the company’s systems may steal intellectual property (IP). As most manufacturers rely on their IP to be competitive, stolen company secrets can quickly drive a company out of business.
- Ensure your teams are able to save time and resources on effective alert triage and incident response, so they have the capacity for proactive threat hunting.
Supply Chain Attacks
Attacks on the supply chain, including transportation and warehousing systems, are gaining momentum among cybercriminals. A manufacturer’s supply chain usually consists of many interconnected companies, suppliers, sub-contractors, and other stakeholders, each with its own level of risk. An attack on one weak link in the chain can spread across and affect thousands of companies and users.
How it affects manufacturing: Manufacturing processes are increasingly digitalized, and operations are subsequently moving to the cloud. Because of that, manufacturers need to know their industry partners and the risk they may present.
- Deploy an endpoint detection and response platform on your endpoints, then integrate automation into your alert triage process to quickly confirm, prioritize, and investigate incidents.
Internet of Things (IoT) devices help manufacturers operate equipment remotely and log accurate data in real time. The issue with IoT devices is that they are inherently exposed to the Internet. Therefore, they are at a greater risk of cyberattacks.
How it affects manufacturing: If a piece of IoT-connected manufacturing equipment is compromised, it can cause operational disruption and even stop production. Additionally, a criminal may compromise an IoT device to gain access to your other systems.
- Use tools with automation to speed up investigations that require time-consuming tasks like memory dumps or reverse engineering.
Final Thoughts on Cybersecurity for Manufacturers
Manufacturing firms know that digital transformation comes with an increase in security risks. By being aware of the main threats and how to face them, you can start protecting your systems, intellectual property, and data. Implementing effective security practices and tools for automation can save you from massive losses.