Risk

8/8/2018
10:30 AM
Connect Directly
Twitter
Twitter
RSS
E-Mail
50%
50%

Manufacturing Industry Experiencing Higher Incidence of Cyberattacks

New report reveals the natural consequences of ignoring the attendant risks of industrial IoT and Industry 4.0.

The rapid convergence of enterprise IT and operational technology networks in manufacturing organizations has definitely caught the eyes of cyberattackers. According to a new report out today, manufacturing companies have started experiencing elevated rates of cyber reconnaissance and lateral movement from attackers taking advantage of the growing connectivity within the industry. 

Developed by threat hunting firm Vectra, the "2018 Spotlight Report on Manufacturing" features data from a broader study of hundreds of enterprises across eight other industries. It shows that even though organizations in retail, financial services, and healthcare industries are more likely to experience reportable breaches involving personally identifiable information, manufacturing organizations outpace them in other areas of risk. 

For example, the manufacturing industry is subject to a higher-than-usual volume of malicious internal behaviors, which points to attackers likely already having found footholds inside of these networks. In particular, during the first half of 2018 manufacturing firms had the highest level of reconnaissance activity per 10,000 machines of any other industry. This kind of behavior typically shows that attackers are mapping out the network looking for critical assets. Similarly, manufacturing was in the top three industries most impacted by malicious lateral movement across its networks.

All of these metrics indicate a heightened level of risk to manufacturing's bread-and-butter: uninterrupted operations and well-guarded intellectual property. According to the "2018 Verizon Data Breach Industry Report," 47% of breaches in manufacturing are motivated by cyber espionage. 

Experts chalk up the increased risk to the industry's mass deployment of industrial Internet of Things (IoT) devices and the shift to what some tech pundits call Industry 4.0. As analysts at McKinsey, Deloitte, and others explain, we're in the middle of the fourth industrial revolution. The first started with steam-powered machines. The second came with the advent of electricity. The third occurred with the first programmable controllers. And now the fourth is occurring with increased connectivity, automation, and data-driven adaptivity of operation systems across manufacturing plants. Industry 4.0 delivers ubiquitous production and control to the business, but it also increases the risk of disruption by cyberattackers if automated and connected systems aren't sufficiently protected. 

Unfortunately the industry's paradigms around protecting systems hasn't caught up with the changing realities of its attack surface. For example, the Vectra report explains how manufacturers traditionally used customized and proprietary protocols for connecting systems on the factory floor. That in and of itself kept the bar of entry for cybercriminals pretty high. But that trend is changing as more IoT devices have utilized standardized protocols.

"The conversion from proprietary protocols to standard protocols makes it easier to infiltrate networks to spy, spread, and steal," the report states. 

Additionally, manufacturers tend not to implement strong security access controls on certain systems for fear of interrupting the flow of lean production lines. All of this is adding up to heightened levels of risk.

"The interconnectedness of Industry 4.0-driven operations has created a massive attack surface for cybercriminals to exploit," says Chris Morales, head of security analytics at Vectra.

Related Content:

 

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.  View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
New Cold Boot Attack Gives Hackers the Keys to PCs, Macs
Kelly Sheridan, Staff Editor, Dark Reading,  9/13/2018
Yahoo Class-Action Suits Set for Settlement
Dark Reading Staff 9/17/2018
RDP Ports Prove Hot Commodities on the Dark Web
Kelly Sheridan, Staff Editor, Dark Reading,  9/17/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: In Russia, application hangs YOU!
Current Issue
Flash Poll
How Data Breaches Affect the Enterprise
How Data Breaches Affect the Enterprise
This report, offers new data on the frequency of data breaches, the losses they cause, and the steps that organizations are taking to prevent them in the future. Read the report today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-3912
PUBLISHED: 2018-09-18
Bypassing password security vulnerability in McAfee Application and Change Control (MACC) 7.0.1 and 6.2.0 allows authenticated users to perform arbitrary command execution via a command-line utility.
CVE-2018-6690
PUBLISHED: 2018-09-18
Accessing, modifying, or executing executable files vulnerability in Microsoft Windows client in McAfee Application and Change Control (MACC) 8.0.0 Hotfix 4 and earlier allows authenticated users to execute arbitrary code via file transfer from external system.
CVE-2018-6693
PUBLISHED: 2018-09-18
An unprivileged user can delete arbitrary files on a Linux system running ENSLTP 10.5.1, 10.5.0, and 10.2.3 Hotfix 1246778 and earlier. By exploiting a time of check to time of use (TOCTOU) race condition during a specific scanning sequence, the unprivileged user is able to perform a privilege escal...
CVE-2018-16515
PUBLISHED: 2018-09-18
Matrix Synapse before 0.33.3.1 allows remote attackers to spoof events and possibly have unspecified other impacts by leveraging improper transaction and event signature validation.
CVE-2018-16794
PUBLISHED: 2018-09-18
Microsoft ADFS 4.0 Windows Server 2016 and previous (Active Directory Federation Services) has an SSRF vulnerability via the txtBoxEmail parameter in /adfs/ls.