The more manufacturers rely on technology to automate plants and processes, the greater their exposure to cyber security risks.
More companies are building smart factories as the technology is becoming more accessible and because automation positively influences the bottom line by lowering manufacturing costs and increasing productivity.
However, the cloud migration trend has created a wider attack surface for malicious actors threatening to use the very machines that help a business grow against it.
The Cybersecurity and Infrastructure Security Agency (CISA) prioritizes protection of the critical manufacturing sector: companies that produce products essential to the nation’s infrastructure. A recent study by Moody’s Investor Services found these very entities are at great risk and named electric, gas and water utilities, telecommunications, chemical and energy manufacturers among them.
In fact, incidents of hacking industrial control systems have been steadily growing over the past few years and show no signs of slowing down. Hackers have selected manufacturers due to the high likelihood they will pay a ransom and because many have inadequate security measures in place. Companies in this sector have mistakenly believed they’re not valuable enough for thieves to attack. That’s changed – dramatically.
How Hackers Get the Keys to the Company
Just one manufacturing plant can have hundreds of individual devices in its network, but not enough have adopted proper security measures. Cybercriminals are counting on the fact that managers can’t monitor every device, allowing them to inflict great damage under the radar. For example, hackers can compromise or infect devices to serve in a larger attack campaign and it may go unnoticed for days, even weeks.
Taking control of countless individual devices lets cybercriminals create a botnet, a network of computers forced to run malicious code. This is common in Distributed Denial-of-Service (DDoS) attacks and phishing attacks. In most cases, the greatest source of vulnerability is people, especially employees who may open hostile emails and expose private corporate data. Here’s how:
- Retail giant Target was compromised when nefarious actors entered the customer database through a phishing email sent to a third-party vendor. The HVAC vendor, Fazio Mechanical Services, remotely accessed Target’s network for billing and contract fulfillment. The malware stole the employee’s credentials and granted the criminals access, allowing malware to be installed on its computers. 40 million credit and debit records and 70 million customer records were stolen over a period of days. That breach cost Target $18.5 million in fines.
- Ransomware is also a lucrative business, and it remains the top threat to medium and large corporations. The consequences for a company can be severe and, on a wider scale, an attack can threaten the economy. Colonial Pipeline paid hackers $4.4 million in ransom to restore its oil operations after an attack prevented millions of barrels of gasoline, diesel and jet fuel from flowing. Colonial operates the largest fuel conduit system in the United States, and a company spokesperson acknowledged in media interviews that the economic impact of the shutdown was far worse than paying the ransom.
- Many hackers engage in social engineering to obtain valuable information. Social engineers target humans, rather than technology, to gather useful intel. Social engineering is a general term that refers to a broad range of manipulation tactics. It typically involves impersonating representatives of legitimate organizations to manipulate people into supplying information such as passwords or personal details.
- Sabotage cyberattacks may originate from insider threats, such as a disgruntled employee, or from a competitor. Operational technology (OT) has created an avenue for hackers where they use machines as entry points into a secure network. Once inside, they can disrupt operations by shutting them down or irreparably damaging them.
- Like the sabotage attack, the DDoS attack can shut down a machine or network, making it inaccessible to the company. A DDoS attack floods the target with traffic or sends it information that triggers a crash. Several powerful DDoS attacks were observed in late 2016 and later traced to a brand of malware known as Mirai. Google also claimed last year that it stopped the largest such attack that reached 46 million requests per second (RPS). Google said that it was the equivalent of getting all the daily requests to Wikipedia in just 10 seconds. These attacks have grown in complexity and in numbers recently, making it imperative a business has the right tools to detect and analyze the traffic early in the game.
As Ransomware, DDoS and Insider Attacks Rise, IT Teams Double Down on Prevention
Organizations need to become more conscious of their security posture and have a responsibility to invest in cybersecurity to put themselves ahead of disruption. Experts in cyberwarfare are warning their clients to improve employee awareness training immediately and suggest:
- Red team exercises
- Phishing and email exercises
- Attack simulation
- Constant testing of backup and security systems
Employers are realizing they may not have the deepest bench for training and security and are outsourcing for support. A recent Canalys study found outsourcing, consulting and managed services will continue to grow and will account for almost 65% of the worldwide cyber security market this year. MSPs and MSSPs can fill the gaps and provide design, implementation and long-term support. These MSPs often have flexible outsourcing models, giving clients the liberty to decide the level of support they desire - be it one-time support or long-term engagement.