Cyber Attacks on the Manufacturing Sector
For many years, cyber threats have focused on sectors such as healthcare, retail, banking, and energy. Manufacturing was seldom discussed, simply because there was a dearth of knowledge and communication within the sector. The manufacturing sector differs from other sectors in that it has had no intermediary relationships with the outside world. Before the current wave of technology, manufacturing enterprises were connected only within a single company's own network and had limited access to the internet, making it challenging to interact with other businesses or individuals.
“Manufacturing becomes the world’s most attacked Industry” according to IBM’s X-Force Threat Intelligence Index 2022.
Email is one of the most widely used digital communication channels today. Because of its widespread use and security flaws, it is also a popular target for online threats such as domain spoofing, phishing, and business email compromise (BEC). Emails are easily intercepted, and attackers may exploit them to uncover confidential communications. Emails routinely carry viruses, threats, and scams that can lead to the loss of data and personal information, and even to identity theft. It is therefore crucial to find and remove the people and devices that are abusing email services. To gather reliable evidence for prosecuting criminals, email forensic analysis examines the origin and content of email messages, identifying the real sender, the receiver, the date and time the message was received, and so on.
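As an added example (not code from the original article), the following Python script performs the kind of header analysis described above on a constructed BEC-style message: it walks the Received chain to recover the originating IP and the delivery time, and compares the From, Return-Path and Reply-To domains and the Authentication-Results verdicts to flag spoofing indicators. All addresses and hostnames in the sample are invented.

```python
import email
import re
from email import policy
from email.utils import parsedate_to_datetime

# Constructed sample (not a real capture): a BEC-style lure whose visible From
# domain matches neither the envelope sender (Return-Path) nor the Reply-To.
SAMPLE_EMAIL = """\
Return-Path: <billing@invoice-mailer.example>
Received: from relay.invoice-mailer.example (relay.invoice-mailer.example [198.51.100.25])
    by mx.corp.example with ESMTPS; Mon, 07 Mar 2022 09:14:02 +0000
Received: from [192.0.2.77] (unknown [192.0.2.77])
    by relay.invoice-mailer.example with ESMTPA; Mon, 07 Mar 2022 09:13:58 +0000
Authentication-Results: mx.corp.example; spf=fail smtp.mailfrom=invoice-mailer.example; dkim=none
From: "Accounts Payable" <ap@supplier.example>
Reply-To: ap-supplier@webmail.example
Date: Mon, 07 Mar 2022 09:13:58 +0000

Please remit payment to the new account below.
"""

def _domain(addr):
    """Lower-cased domain of an address such as 'Name <user@host>'."""
    m = re.search(r"@([\w.-]+)", addr)
    return m.group(1).lower() if m else ""

def received_chain(msg):
    """Received headers oldest-first (MTAs prepend them, so raw order is newest-first)."""
    return [" ".join(str(h).split()) for h in reversed(msg.get_all("Received", []))]

def originating_ip(chain):
    """IP recorded in the oldest hop: the closest evidence of the real sender."""
    m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", chain[0]) if chain else None
    return m.group(1) if m else None

def received_time(chain):
    """Delivery time from the newest hop (the receiving MTA's own clock), which
    is more trustworthy than the sender-controlled Date header."""
    return parsedate_to_datetime(chain[-1].rsplit(";", 1)[1].strip()) if chain else None

def analyze(raw):
    """Extract origin evidence and list spoofing indicators for one message."""
    msg = email.message_from_string(raw, policy=policy.default)
    chain = received_chain(msg)
    from_dom = _domain(str(msg["From"] or ""))
    env_dom = _domain(str(msg["Return-Path"] or ""))
    reply_dom = _domain(str(msg["Reply-To"] or ""))
    auth = str(msg["Authentication-Results"] or "").lower()
    findings = []
    if env_dom and env_dom != from_dom:
        findings.append(f"envelope sender {env_dom} differs from From domain {from_dom}")
    if reply_dom and reply_dom != from_dom:
        findings.append(f"Reply-To {reply_dom} steers replies away from {from_dom}")
    if "spf=fail" in auth:
        findings.append("SPF check failed for the envelope sender")
    if "dkim=none" in auth or "dkim=fail" in auth:
        findings.append("no valid DKIM signature")
    return {"from_domain": from_dom, "origin_ip": originating_ip(chain),
            "received_at": received_time(chain), "hops": len(chain), "findings": findings}
```

Run `analyze(SAMPLE_EMAIL)` to see the four indicators raised for the sample; on real mail, only the Received header added by your own MTA is trustworthy, since earlier hops can be forged by the sender.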
Here are a few manufacturing industry cyber attacks that made the news.
- In February 2022, a cyberattack on Toyota’s supply chain shut its 14 factories in Japan for 24 hours; Toyota suspended production at its car plants as the attack hit a key supplier.
- In June 2021, Audi and Volkswagen revealed a data breach had affected more than 3.3 million customers and prospective buyers, who were primarily U.S.-based.
- The June 2020 cyber-attack against Honda was another sign that the capabilities of criminal cyber attackers continue to evolve and can become more dangerous to OT infrastructure.
- In 2017, Renault-Nissan experienced a cyberattack involving the WannaCry ransomware that stopped production at five plants located in England, France, Slovenia, Romania, and India.
- OXO International, a New York-based manufacturer, discovered a breach that exposed its customer information at various periods between June 2017 and October 2018.
- Visser Precision, a space and defense manufacturer, experienced an attack involving DoppelPaymer ransomware, which encrypts and exfiltrates data.
- A 2016 attack that targeted the accounting department of FACC AG, an Austrian airplane component manufacturer, resulted in at least $55.8 million in losses.
Technological advances have made the manufacturing sector's traditional methods of communication obsolete. As communication mediums change, so does the landscape of cyber threats. The unfortunate reality is that the industrial sector was unable to address the security difficulties that come with having so many susceptible endpoints, and it now has no option but to rely on internet connectivity in a number of ways.
by Dr. Shekhar Pawar
Let’s discuss the top 6 cyber threats to the manufacturing industry.
OPERATIONAL TECHNOLOGY (OT) ATTACKS
Operational technology (OT) is the range of computing systems employed in the industrial sector to help manage, monitor, and control physical activities. In other words, operational technology is the application of information technology to the management of infrastructure, equipment, and physical processes.
Additionally, the software that manufacturers use for their equipment, particularly in highly automated processes, may be managed by a vendor or other third party, and the system's upgrades and bug patches are then the vendor's responsibility. This raises the prospect that, as with SolarWinds, cyber-attackers may decide to target the software supply chain rather than an enterprise directly.
OT attacks generally occur for a few reasons, including:
- Unrestricted use of machinery for maintenance
- Unpatched CPUs, PLCs, and control servers
- OS components that are not hardened
- Hardcoded or default login credentials
- Web access without protection
- Uncertain data flows and missing network segmentation
- Unprotected entry points
Possible cyber-attacks on OT include:
- Production loss (denial of service)
- Production process manipulation
- Intellectual Property (IP) theft
- Lateral Movement
- Environment-related factors
- Concerns with machinery destruction or safety
CNC machines are widely used in the manufacturing industry, and they can be vulnerable to hijacking, data theft, and damaging cyberattacks.
PHISHING ATTACKS
Phishing attacks rely on the target clicking a fraudulent link or opening a malicious email attachment. The resulting websites and files bypass the target's browser security settings and collect whatever data they can for financial gain. Web-based malware downloads containing trojans or other malicious content are the main way the industrial sector falls victim to phishing. The malware finds vulnerabilities in systems and relays information back to the attacker. The threat actor gathers data, which is then either used to make a ransom demand or sold on the dark web.
Why is the manufacturing industry so susceptible to phishing scams?
There are several causes, as listed below.
- Older Technology
It is common knowledge that the manufacturing sector employs antiquated or poorly designed security technology. Attackers need only a small amount of work to compromise legacy equipment.
- Espionage in Industry
A manufacturer that has contracts with the government is a prime target for threat actors driven by cyber espionage. Such actors know that some sectors will be severely weakened if they can target the suppliers and customers associated with a specific industry.
- Large Monetary Gain
The manufacturing sector is enormous and contains a wealth of private information that may be used for commercial advantage. This information may contain credit card information, bank details, data related to financial institutions, and social security numbers. These details may be traded or used to hold other networks ransom.
- A Variety of IT Infrastructure
For production units that are located in different places, different sets of technologies are employed. Each technology type may have unique hardware and software, which leads to the fragmentation of security frameworks. As a result, not all systems will be protected by the same security architecture.
- Insufficient Centralized Visibility
For a threat actor, not having a single platform to see data flow is an excellent access point. Attackers can take advantage of several obscure gaps and difficulties inside the disjointed architecture.
- Less Secure Encryption Techniques
Having many platforms through which data flows is an excellent entry point for a threat actor. Attackers can take advantage of the fragmented framework's numerous undiscovered weaknesses and complexity.
To spread malicious software through emails posing as promotional offers, attackers employ a number of tools and traditional phishing approaches. To plan their assaults, threat actors also employ legitimate software (such as TeamViewer or Remote Manipulator System). The programs that help threat actors gain access to devices look for data on recent purchases and financial software. Other techniques are then deployed to obtain more privileged access and steal data.
In various situations, threat actors have sent their victims links to websites or infected email attachments. In both cases, the emails convinced the intended recipient to download the threat actors' tools themselves. Employing contemporary technologies and training personnel about phishing attacks may help keep firms secure.
RANSOMWARE ATTACKS
Attackers make use of the cascading effects that occur when a manufacturing organization's production flow is interrupted. Threat actors know that, as a result of such assaults, organizations farther down the supply chain will be under pressure to pay the ransom. This underscores the necessity for all manufacturing organizations to incorporate vulnerability management in their security policies.
According to IBM’s X-Force Threat Intelligence Index 2022, 47% of attacks on the manufacturing industry were caused by vulnerabilities that companies had not fixed.
INTELLECTUAL PROPERTY THEFT
Theft of intellectual property (IP), a kind of information whose loss can seriously harm a business, is frequently disregarded. The risk of IP theft has increased as hackers have developed new techniques for breaking into networks and moving covertly from one system to another. Over time, threat actors can covertly access a system, move around it, gather information, and then exit before anyone even notices they were there.
Attackers then have access to data that they can change or steal. You might not even be aware that anything happened until you see your company's trade secrets being exploited somewhere else. This poses a particular risk to the manufacturing sector, since it can be challenging to safeguard the business information required to produce products. Trade secrets, intellectual material, and contracts can all be stolen easily now that threat actors can move information in a matter of seconds. Some industrial firms are vulnerable to APT (nation-state) assaults because they have contracts with governmental organizations. These assaults may be carried out for a variety of reasons, such as pure cyberespionage or a desire to learn military secrets.
An attack on intellectual property is more likely to be motivated by data theft than by the desire for direct financial profit. Because threat actors merely take data as covertly as possible, with no intention of extracting money from the victim, IP theft is very challenging for cyber security experts to identify. Threat actors behind ransomware attacks, by contrast, are primarily interested in making money, so they frequently leave ransom notes and other traces of their presence on the systems they target.
SUPPLY CHAIN ATTACKS
Regardless of the sector, supply chain assaults are a critical security concern, but in recent years attacks on the industrial sector's supply chains have increased in frequency. When threat actors gain access to a company's network through an outside supplier or vendor, it is called a supply chain assault. Intruders can then reach sensitive data, client records, and payment information by using viruses or other malicious software.
The assault itself may be challenging to identify, since a supply chain can be extensive in scope. Naturally, companies and organizations in the manufacturing industry engage with several suppliers. Any interruption to the production process has a knock-on impact and results in significant delays. It is crucial for manufacturing enterprises to safeguard their supply chain and ensure that the businesses they work with share their commitment to security.
Three different kinds of supply-chain assaults exist:
- Software Supply Chain Attacks
A whole supply chain may be disrupted by an assault with only one compromised program or piece of software. These attacks introduce malicious code into a trusted app or software system by targeting the source code of the application.
- Firmware Supply Chain Attacks
This assault, which installs malware into a computer's boot record, takes place in a single second. Once the targeted machine has started, the malware is activated, putting the entire system at risk. These assaults are quick and destructive, and they occasionally go unnoticed.
- Hardware Supply Chain Attacks
This form of assault depends on tangible objects. To maximize their impact and harm, threat actors choose devices they are certain will travel the length of a supply chain.
INDUSTRIAL IoT (I-IoT) ATTACKS
As we just mentioned, for many years the industrial sector didn't think threat actors considered it a target. It made the mistake of assuming that the Industrial IoT (Internet of Things) devices it employs for routine tasks and operations held no value for an attacker, so developers didn't spend much time making sure that their IoT devices had even the most basic firewalls or other security measures. Exploits will occur when you care little or nothing about security.
In the past, major businesses treated cybersecurity as a crucial issue, but times have changed. Strong cyber security protections must be built into the devices by the engineers who develop them for manufacturers. On Industrial IoT devices, vulnerabilities frequently relate to problems that the user introduces during the device's installation or usage.
INSIDER THREATS
An insider threat is an employee, former employee, contractor, business associate, or other individual within an organization who has access to sensitive information and IT systems and who might harm the company. Insider risks can be handled with policies, processes, and technology that help prevent privilege misuse or lessen the harm it may do.
Other individuals with access to your offices and computers, such as contractors and security personnel, are also potential insider risks. Because a company can manage this risk itself, it is essential to monitor it.
RECOMMENDATIONS FOR MANUFACTURING INDUSTRY
Below are a few recommendations for the manufacturing industry.
- Acknowledge the mounting risk to your organization and resolve to take action.
- Install technologies that offer comprehensive visibility into both the OT and IT networks. This entails finding and cataloguing devices, making sure that only authorized personnel have access, controlling that access, and gaining insight into applications and traffic.
- Use a segmentation approach. Set up gateways with stringent rules to connect the various levels of your OT network to the IT and OT environments. The aim is to ensure that each system and subsystem performs solely its intended function. Segmentation stops an assault in one area from spreading widely.
- Replace an open, trust-based access architecture with a zero-trust access approach. Install access controls that authenticate users, limit their access to only the systems they need to complete their tasks, and then keep an eye on them while they are online. Everyone needs to follow this rule, but suppliers and contractors in particular should.
- Utilize automation to quicken your reaction and assist with activity analysis. Put in place logging tools, analytics that check the logs for unusual behavior, and security systems that can react to threats. Given the speed at which today's assaults happen, automation and orchestration are crucial for spotting threats and responding within seconds.
- Create playbooks for backup, recovery, and restoration, and establish procedures for auditing and testing systems in the event of a breach.
- Send regular phishing simulations to test employees' knowledge of email phishing assaults as part of a tiered email security strategy.
- Employ role-based training to acquaint employees with cyber threat dangers.
- Maintain a backup of your data and regularly verify that it is functioning properly.
- Use multi-factor authentication to prevent hackers from accessing your networks and systems.
- Patching keeps your software up to date. If you don't patch, attackers attempting to exploit vulnerabilities will be able to access your systems and networks.
- It is best to have many layers of security. Spam filters, firewalls, and antivirus software let you identify intrusions immediately.
- It's crucial to provide your personnel with awareness training. To keep the organization safe, they should be able to recognize phishing emails.
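The visibility, segmentation, zero-trust and log-analytics recommendations above can be expressed as a small detection policy. The following Python script is an added example, not code from the original article: it maps constructed gateway flow records to OT zones, checks them against an allow-list of permitted zone-to-zone flows, and flags supplier accounts that reach the control zone or operate outside a maintenance window. The zone addresses, the "vendor-" account naming convention and the maintenance window are all assumptions.

```python
import ipaddress
from datetime import datetime

# OT zones modelled on the gateway levels described above (addresses are constructed).
ZONES = {
    "IT": ipaddress.ip_network("10.0.0.0/16"),    # enterprise network
    "DMZ": ipaddress.ip_network("10.1.0.0/24"),   # industrial DMZ (historian, jump hosts)
    "SUP": ipaddress.ip_network("10.2.0.0/24"),   # supervisory level (SCADA/HMI)
    "CTRL": ipaddress.ip_network("10.3.0.0/24"),  # control level (PLCs)
}
# Only these (source zone, destination zone, destination port) flows may cross a gateway.
ALLOWED_FLOWS = {("IT", "DMZ", 443), ("DMZ", "SUP", 502), ("SUP", "CTRL", 502)}
VENDOR_PREFIX = "vendor-"   # assumed naming convention for supplier/contractor accounts
VENDOR_ZONES = {"SUP"}      # vendors may reach supervisory systems, never PLCs directly
MAINT_HOURS = range(8, 18)  # assumed maintenance window: weekdays 08:00-18:00 UTC

# Constructed gateway flow records: "<timestamp> <src_ip> <dst_ip> <dst_port> <user>"
SAMPLE_LOG = """\
2022-03-07T10:02:11Z 10.0.5.21 10.1.0.10 443 j.doe
2022-03-07T10:05:40Z 10.1.0.10 10.2.0.15 502 svc-historian
2022-03-07T10:07:03Z 10.0.5.21 10.3.0.40 502 j.doe
2022-03-07T14:30:00Z 10.1.0.10 10.2.0.15 502 vendor-acme
2022-03-07T23:45:12Z 10.1.0.10 10.2.0.15 502 vendor-acme
2022-03-07T11:00:00Z 10.2.0.15 10.3.0.40 502 vendor-acme
2022-03-07T11:20:00Z 192.168.1.5 10.2.0.15 502 m.smith
"""

def zone_of(ip):
    """Name of the zone containing ip, or UNKNOWN for an uncatalogued address."""
    addr = ipaddress.ip_address(ip)
    return next((name for name, net in ZONES.items() if addr in net), "UNKNOWN")

def check_flow(line):
    """Return the policy violations for one flow record (empty list means allowed)."""
    ts, src, dst, port, user = line.split()
    when = datetime.fromisoformat(ts.replace("Z", "+00:00"))
    src_zone, dst_zone = zone_of(src), zone_of(dst)
    reasons = []
    if (src_zone, dst_zone, int(port)) not in ALLOWED_FLOWS:
        reasons.append(f"unauthorized flow {src_zone}->{dst_zone}:{port}")
    if user.startswith(VENDOR_PREFIX):
        if dst_zone not in VENDOR_ZONES:
            reasons.append(f"vendor account {user} reached {dst_zone} zone")
        if when.weekday() > 4 or when.hour not in MAINT_HOURS:
            reasons.append(f"vendor account {user} active outside maintenance window")
    return reasons

def detect(log_text):
    """Run every record through the policy and collect those that violate it."""
    alerts = []
    for line in log_text.splitlines():
        if line.strip():
            reasons = check_flow(line)
            if reasons:
                alerts.append({"record": line, "reasons": reasons})
    return alerts
```

`detect(SAMPLE_LOG)` raises four alerts: a direct IT-to-PLC connection, an uncatalogued source address, a vendor session at 23:45, and a vendor account touching the control zone; the same logic can be fed from a SIEM or gateway export instead of the inline sample.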
Intellectual Property (IP) Theft
- Decide which information is most valuable, and know what intellectual property you have and where it resides.
- Review user access to your IP and sensitive data on a regular basis.
- Examine user access privileges to find the weak points and holes in your cyber security.
- Create a data security policy.
- Regularly monitor your employees to ensure that they are operating securely within the corporate network.
Supply Chain Attacks
- By hiring SOC analysts, you can ensure that your company's cyber security infrastructure is analyzed and any issues are found.
- Use your company's red and blue teams to simulate a supply chain attack that looks like a genuine threat. This will let you determine whether your present security procedures are sufficient to thwart an attack.
- Password management platforms give IT administrators insight into employee password habits and help avoid supply chain threats. They also enforce password security best practices across the whole firm.
- Vendors should only have access to the information necessary for them to do their duties, with restricted access to your systems.
- Each device must have a reliable, unique ID.
- Disable any superfluous services or ports.
- Keep an eye on network traffic to spot illicit use.
- Regularly update your software.
- Carry out an overall risk analysis for the company.
- Policies and controls should be well-documented and consistently followed.
- Create a secure physical environment at work.
- Install security tools and applications.
- Implement strong policies and procedures for password and account management.
- Supervise and control remote access for all endpoints, including mobile ones.
- Boost the security of the network perimeter.
- Using video cameras with motion sensors and night vision, keep an eye on all the important locations in your business.
- Enforce least privilege and separation of duties.
- Dispose of outdated equipment and documents responsibly.
- Use a log correlation engine or a Security Information and Event Management (SIEM) system to record, track, and audit employee actions.
- Put safe backup, archiving, and recovery procedures in place.
- Identify actors who pose a risk and act quickly when anything seems off.
- For any cloud services, define clear security agreements, specifically covering access limitations and monitoring capabilities.
- Create a thorough process for terminating employees.
- Include insider threat awareness in all workers' recurring security training.
HOW SECURECLAW IS PROTECTING CUSTOMERS
When it comes to security, the manufacturing sector has a lot of catching up to do. It's not too late: organizations in the sector can still act and begin safeguarding their cyber environments.
SecureClaw is your partner for the entire journey of cybersecurity implementation. The Business Domain Specific Least Cybersecurity Controls Implementation (BDSLCCI) framework and certification is the solution for cost-effective cybersecurity implementation.