Manufacturing is the most targeted sector for cyber-attacks in 2020. In order to understand the cyber threat to manufacturers, we need to know who is attacking them, why, and how. Only then can manufacturers take the appropriate steps to protect themselves.
Manufacturing, where uptime and productivity are everything, has become the most targeted sector for cyber-attacks in 2020. With high-profile cyber-attacks such as the Norsk Hydro ransomware attack that cost the firm £45 million making national headlines, the cyber threat to manufacturers is clear. But why are manufacturers such prize targets for hackers?
Globalisation has increased manufacturers’ production footprints exponentially, which has introduced not just new threat vectors but also new threat actors. Manufacturers with operations spread throughout the world face threats from not just cybercriminals, but also competitors and nation states.
Another issue facing manufacturers is the antiquity of their systems. Many of the manufacturing systems in use today were developed in a less cyber security-mature time. Since they were designed and built with a focus on performance and safety, many manufacturers are now playing catch-up when it comes to implementing the appropriate cyber security measures throughout their operations.
In this blog we will explore the cyber threat to manufacturers: who is attacking manufacturers, why, and how? And what steps can manufacturers take to protect themselves from the cyber threats they face?
Who is Attacking Me, and Why?
Given the nature of their operations and geographic spread, manufacturers face a number of cyber threat actors on a daily basis. Here are three of the key types of attacker targeting manufacturers:
Like all industries, manufacturers face a constant threat from cybercriminals.
|Who they are||Cybercriminals|
|Motivations||99 times out of 100, cybercriminals are motivated by financial gain.|
|Common attack methods||Typically, cybercriminals will attempt to gain access to manufacturers’ internal systems in order to steal intellectual property and/or deploy ransomware payloads. The cybercriminals will then use blackmail to extort money from the victims, threatening to leak intellectual property online or revoke access permanently to data encrypted by ransomware.|
|Real-life example||In 2019, operations at large aluminium manufacturer Norsk Hydro ground to a halt when cybercriminals launched a successful ransomware attack on the firm.|
Manufacturers hold valuable intellectual property, which can be targeted by competitors.
|Who they are||Competitors|
|Motivations||Rival manufacturers have been known to steal intellectual property from competitors in order to enhance their own products.|
|Common attack methods||Competitors will tend to use less sophisticated attack methods to target rival manufacturers. Executives moving from one firm to another may take advantage of accounts that have yet to be deactivated, or may siphon intellectual property out of the firm through online storage tools or USB drives.|
|Real-life example||Four former employees of an Indian pharmaceutical firm were arrested in early-2020 after allegedly stealing data including sensitive details pertaining to drug manufacturing from their former employer.|
Given their global operations, manufacturers face an increasing threat from nation states.
|Who they are||Nation states|
|Motivations||The increasingly global nature of manufacturing has brought belligerent nation states into play as threat actors. Their goals are often to cause widespread damage to organisations or even entire nations.|
|Common attack methods||Nation state-sponsored attacks are often technically complex, using sophisticated cyber-attack methods and the latest malware variants to exploit weaknesses in manufacturers’ cyber security provisions.|
|Real-life example||Swiss drug and technology maker Roche was one of many European companies that were attacked by a state-backed hacking group from China using a malware variant called Winnti, which gave hackers remote access to victims’ computers.|
How Am I Being Attacked?
In 2020, ransomware is by far the most popular cyber-attack method that threat actors use to target manufacturers. In a typical ransomware attack a target organisation’s network is penetrated by hackers, often by sending a phishing email to individuals in the organisation that contains malware, or sometimes through exploiting a vulnerability in the organisation’s network.
The malware enters the network and the attackers conduct reconnaissance and further activity to achieve the right access they need to execute the ransomware. Once this is done, the target organisation’s network is encrypted and effectively unusable until either a ransom is paid or the organisation reverts to backups to bring the network back online.
The Norsk Hydro attack demonstrated the massive financial and operational impact ransomware can have on manufacturing firms, as the firm suffered millions of pounds in lost revenue and several months of operational turmoil. However, a relatively new trend for double-extortion ransomware attacks introduces a significant reputational threat to manufacturers, too.
Double-extortion first became a prominent tactic as a further method to make money from late-2019 onwards. In a double-extortion ransomware attack, the attackers threaten to leak stolen data onto the internet. The intention of double-extortion ransomware attacks is to shame target organisations into paying a ransom, even if the appropriate backups are in place to mitigate a traditional ransomware attack.
Many double-extortion ransomware attacks lead to sensitive data being publicised on social media. In mid-2020, there has been an increasing trend for the publication of screenshots of the stolen data by cybercriminals and security researchers. This means that often the first public indication that an organisation has been hit by ransomware will be stolen sensitive information appearing on social media.
How Do I Protect Myself?
The cyber threat to manufacturers is real, and it’s getting worse. In order to protect your manufacturing firm, you need to understand the risks you face. By understanding these risks, you can take steps to address them.
Six Degrees is a trusted cyber security partner to prominent manufacturing firms throughout the UK and beyond. We understand the cyber threat to manufacturers, and we regularly advise our manufacturing clients on the hostile digital landscape in which they operate.
You can download our new Cyber Intelligence Report that covers the latest trends in ransomware attacks against the retail and manufacturing sectors for free here. We’ve also created a handy infographic that provides the information you need to protect your manufacturing firm from ransomware attacks.
If you’d like support in enhancing your manufacturing firm’s cyber security posture, you can arrange a free initial consultation by emailing firstname.lastname@example.org
Today’s manufacturers need to adapt quickly to changing client demands