In an era dominated by technology, the manufacturing industry finds itself at the forefront of an escalating wave of cyber threats. Recent research sheds light on the most pressing concerns facing the sector in the first half of 2023. Here’s an overview of some key findings and a few recommendations to navigate the complex cyber landscape.
Manufacturing: A Prime Target
The manufacturing industry is a lucrative target for cybercriminals, hacktivists, and nation-state-aligned attackers. Cybercriminals and hacktivists are drawn to manufacturing due to its low tolerance for outages – disrupting IT services often halts production, resulting in missed revenue. Additionally, state-aligned groups target manufacturing organizations for their links to critical national infrastructure and potential intellectual property treasures.
Nation-state-aligned groups pose a significant threat, exemplified by the China-based advanced persistent threat group Volt Typhoon targeting U.S. critical national infrastructure, specifically manufacturing, in May 2023. Hacktivist group Killnet, aligned with Russia, remains a prominent risk, targeting the aerospace subsector and posing a continued threat in the second half of 2023.
The European manufacturing sector accounted for 14% of global incidents in 2023, placing it second in the world. First place belongs to the Asia-Pacific region, where 61% of cases were reported.
Ransomware Reigns Supreme
Ransomware emerges as another significant threat to the manufacturing sector. Cyber attacks surged across all manufacturing sub-groups from the second half of 2022 to the first half of 2023:
- Industrial goods and services organizations faced a 24% increase.
- Aerospace organizations witnessed a staggering 195% surge.
- Chemicals organizations experienced a 92% rise.
- Automobiles and parts organizations encountered a 53% increase.
The Clop ransomware cybercriminals continued their data-theft campaign into the second half of 2023, emphasizing the persistence of this threat. Manufacturing organizations are urged to prioritize measures against ransomware, including regular system patching, data backup, secure storage practices, and proactive threat hunting.
Ransomware dominated the European cybersecurity landscape, constituting 26% of all attacks on the continent. Server access attacks at 12% and data theft at 10% followed closely as the next most prevalent attack types.
Operational Technology Security at Risk
The convergence of operational technology (OT) with traditional IT systems introduces new vulnerabilities. While integrating OT with IT systems enhances performance, it also escalates cyber risk. Attackers target OT systems by exploiting vulnerabilities commonplace across sectors, including unpatched vulnerabilities, weak credentials, and exposed remote services.
The Oldsmar water treatment plant (Florida, USA) incident in 2021 exemplifies the potential consequences. Attackers compromised the network through a dormant TeamViewer remote access account, highlighting the ease with which common IT weaknesses can be exploited to interfere with critical OT systems.
The overarching trend in Europe over the past decade has been the surge in cybercrime, marked by increased tool availability, easier exploit acquisition, and heightened motivation among cybercriminals. Ransomware and extortion campaigns, in particular, have emerged as prominent tools causing significant harm to organizations. Within Operational Technology, there has been an alarming 87% surge in ransomware attacks against industrial organizations, accompanied by a 35% increase in the number of threat groups in 2021.
Strengthening IT/OT Resilience
To enhance resilience against evolving threats, manufacturing organizations are advised to:
- Conduct regular security assessments of OT systems.
- Implement continuous vulnerability assessment and triage.
- Ensure timely updates for key components of the OT network.
- Deploy endpoint detection and response (EDR) solutions for timely threat detection.
- Enhance incident prevention, detection, and response skills through dedicated OT security training.
The interconnected nature of global infrastructure necessitates a proactive, collaborative approach to cybersecurity. By understanding and addressing the evolving threat landscape, manufacturing organizations can fortify their defenses, safeguard critical assets, and contribute to a more secure digital ecosystem.
Sources:
- https://www.picussecurity.com/resource/blog/regions-and-industries-at-risk-august-2023
- https://www.reliaquest.com/blog/cyber-threats-to-manufacturing-industry-1h-2023/
- 6 Industries Most Vulnerable to Cyber Attack in 2023 (potomac.edu)
- The Latest Cyber Crime Statistics (updated October 2023) | AAG IT Support (aag-it.com)