Recent attacks on intellectual property (IP) and critical infrastructure are increasing security requirements for manufacturing companies as the industry has had one of the highest attack rates of any sector since the beginning of COVID-19.
According to a report released by Morphisec, one in five manufacturing companies in the US and UK has been the victim of a cyber attack in the past 12 months.
The 2021 Manufacturing Cybersecurity Threat Index study found that 57% of 567 manufacturing workers surveyed are more concerned that their company is being attacked by cyber criminals than they were a year ago.
When it came to attempted attacks on servers, Morphisec found that the exploits most commonly attempted against manufacturers focused on initial access, while ransomware was also widely used by attackers targeting servers in manufacturing companies.
Long road to recovery
The report also found that companies affected by a cyber attack took up to a week to recover in most cases, and a fifth of incidents took two weeks.
“This is very worrying given the impact manufacturing industries are having on the US and UK economies, especially as both countries are still recovering from the pandemic,” said Daniel Petrillo, director of security strategy and products at Morphisec.
He said manufacturing companies must practice basic security hygiene rather than relying solely on endpoint protection solutions to keep themselves safe, noting that training employees in security awareness, using native controls, and applying the principles of least privilege go a long way toward limiting the general cybersecurity risk of a manufacturing company.
“Additionally, ensuring that zero trust is fully implemented in your architecture, from the access management layer to the network layer and beyond, can be of great benefit in mitigating risk,” said Petrillo.
Setu Kulkarni, vice president of strategy at WhiteHat Security, an application security provider, noted that while manufacturing as an industry has traditionally never been connected to the internet, rapid advances in operational technology (OT) mean that more and more legacy systems and software must now be internet-enabled, at least for remote monitoring, if not for remote operations.
“The proliferation and relocation of applications that were never web-enabled to become web-enabled has likely created this high risk,” he said. “The other factor we saw is that manufacturing supply chains are increasingly software driven, which means business partners must now open other internal applications to integrate with supply chain partners. This means that existing vulnerabilities that were previously not exploitable can now be exploited publicly.”
Reducing the risk of a breach
To mitigate these threats, manufacturers need to reduce the risk of production breaches, according to Kulkarni.
This means companies must take an inventory of publicly available apps, continuously scan them in production, and take a risk-based approach to troubleshoot issues in production.
Oliver Tavakoli, CTO of AI cybersecurity company Vectra, pointed out that manufacturing companies often have limited ability to patch the underlying software in their networks: general-purpose software embedded in manufacturing equipment cannot be changed without the assistance of the manufacturer who made the equipment.
Additionally, manufacturing is often physically dispersed, and most operations teams are more focused on limiting downtime from equipment failure than from a cyberattack.
“So you can view remote diagnostic access over the Internet as something that improves your system reliability until an attacker can gain access through such a mechanism,” he said.
Endpoint security (in the form of endpoint detection and response) and remote access (in the form of zero-trust network access) are, from Tavakoli’s point of view, two aspects of an overall security strategy that have changed due to the pandemic.
“However, these are far from the only attack vectors used by attackers, and most manufacturing systems do not include an EDR agent,” he said. “Visibility and constant vigilance with regard to the network environment around these systems in the form of network detection and response are part of the table inserts that arose towards the end of the pandemic.”
Hank Schless, senior manager of security solutions at Lookout, a provider of mobile phishing solutions, noted that supply chain-targeting threat actors want to steal IP and disrupt operations.
“IP theft is primarily carried out by gaining access to corporate infrastructure through mobile phishing and exfiltrating the data to a remote server outside of your company,” he said.
Disruption of operations can then occur in various ways. Primarily, this could be done using the same phishing process as IP theft, but there is also the possibility of introducing malware such as surveillanceware or ransomware into the infrastructure.
“With access to research data, orders, manufacturing schedules and delivery routes, a threat actor could find many ways to disrupt operational efficiencies,” he said. “You could also use this data to bring your entire internal system to a standstill and request payments.”
Morphisec’s Petrillo noted that the impact of the pandemic on the threat landscape for manufacturers has been dramatic.
“The crisis has been a catalyst for government-sponsored organizations that are essentially hitting the world’s largest economies while they are already down,” he said.
The manufacturing industry, with its valuable intellectual property and critical infrastructure, is a very popular way for threat actors to do so, and the fact that the manufacturing industry has receded (at least a little) over the past year has only helped these cybercriminals.
“As these organizations continue to move between hybrid work environments, they must treat the endpoint as the last real perimeter with automatic protection that stops ransomware, infostealers and other advanced attacks from being breached,” said Petrillo.