Vulnerabilities / Threats
4/20/2016
04:45 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Manufacturers Suffer Increase In Cyberattacks

Cyberattacks on manufacturing companies on the rise as attackers attempt to steal valuable intellectual property and information.

The manufacturing sector is now one of the most frequently hacked industries, second only to healthcare, a new report says.

Healthcare, which has a wealth of exploitable information within electronic records, moved into the top spot of the rankings, replacing financial services, which dropped to third place in IBM X-Force Research’s new 2016 Cyber Security Intelligence Index. Manufacturing rose from third place in last year’s report, which offers a high-level overview of the major threats to IBM’s clients' businesses worldwide over the past year.

Manufacturing includes automotive, electronics, textile, and pharmaceutical companies. Automotive manufacturers were the top targeted manufacturing sub-industry, accounting for almost 30% of the total attacks against the manufacturing industry in 2015. Chemical manufacturers were the second-most targeted sub-industry in 2015, according to IBM.

Many attackers are financially motivated and therefore are more likely to go after corporate networks where they could steal potentially valuable intellectual property or sensitive information, says John Kuhn, senior threat researcher with IBM X-Force. 

Meanwhile, The 2016 Manufacturing Report by professional services firm Sikich also reports a rise in attacks on the manufacturing sector -- with theft of intellectual property as a primary motive.

“The FBI estimated that $400 billion of intellectual property is leaving the US each year because of cyberattacks” and nation-state actors and other adversaries are starting to target manufacturing companies for this information, says Brad Lutgen, a partner in Sikich’s compliance and security practice.

Many manufacturing companies are behind the curve in security because they have not been held to compliance standards like financial services has, with the Payment Card Industry Data Security Standards and The Gramm-Leach-Bliley Act, or in the case of the healthcare industry, with the Health Insurance Portability and Accountability Act, Lutgen says. “Because of that, they [manufacturers] tend to be a little laxer with security in terms of some other industry verticals.”

As a result, there is a lack of adoption of key information security practices that have become standardized procedures across most industry verticals, Lutgen says. For example, only 33% of survey respondents indicated that their organizations were performing annual penetration testing within their IT groups.

Heartbleed, SQL Injection Leading Forms Of Attack

Manufacturers appear to be vulnerable to older attacks, such as Heartbleed and Shellshock. SQL injection is another prominent form of attack being waged against manufacturers, IBM’s Kuhn says. “Those [types of attacks] happened in volume,” last year, he says. The Heartbleed bug is a serious vulnerability found in the OpenSSL cryptographic that allows attackers to eavesdrop on communications, steal data directly from the services and users, and to impersonate services and users.

Attackers also targeted manufacturing companies’ enterprise servers via spearphishing schemes to lure employees to malicious websites, Kuhn says.

Gain insight into the latest threats and emerging best practices for managing them. Attend the Security Track at Interop Las Vegas, May 2-6. Register now!

Manufacturing companies are starting to fortify their networks and corporate systems, Kuhn says, but their industrial control systems also pose a challenge. ICS systems might run a copy of Microsoft Windows or Unix that was issued ten years ago, so they can’t necessarily update it without the change causing an equipment failure, according to Kuhn. 

“When you talk about this industrial control space, it gets into a doomsday thing. It [an attack] might shut down a water plant or a nuclear plant. They are hard to defend,” Kuhn says. 

Take the proliferation of ransomware. What if it an attacker deploys ransomware to lock down manufacturing computers and says, “pay the ransom or you won’t be able to manufacture your products?” These are all things to consider, he says. “So there is a lot of work to do in the manufacturing industry to shore up their defenses for industrial control systems and corporate networks.”

Defensive Strategies

Sikich’s report offers manufacturers some advice about how to mitigate threats:

  • Conduct an annual IT risk assessment to properly understand where threats are originating from.
  • Perform annual penetration tests to simulate the threat of someone trying to break into your organization’s network.
  • Conduct ongoing vulnerability scanning throughout the year to help the organization stay up-to-date with new threats.

Related Content:

 

Rutrell Yasin has more than 30 years of experience writing about the application of information technology in business and government. He has witnessed all of the major transformations in computing over the last three decades, covering the rise, death, and resurrection of the ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: just wondering...Thanx
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.