Critical Manufacturing Sector in the Bull's-eye
Serious security flaws go unpatched, and ransomware attacks increase against manufacturers.
January 20, 2023
More than three-quarters of manufacturing organizations harbor unpatched high-severity vulnerabilities in their systems, a study of the sector found.
New telemetry from SecurityScorecard shows a year-over-year increase in high-severity vulns in those organizations.
In 2022, some "76% of manufacturing organizations, SecurityScorecard observed unpatched CVEs on IP addresses our platform attributes to those organizations," says Aleksandr Yampolskiy, co-founder and CEO of SecurityScorecard.
Nearly 40% of these organizations — which include metals, machinery, appliance, electrical equipment, and transportation manufacturing — suffered malware infections in 2022.
Almost half (48%) of critical manufacturing organizations received a ranking between "C" and "F" on SecurityScorecard's security ratings platform.
The platform includes ten groups of risk factors, including DNS health, IP reputation, Web application security, network security, leaked information, hacker chatter, endpoint security, and patching cadence.
The severity of cyberattacks against manufacturers is noteworthy, Yampolskiy says.
"Many of these incidents have involved ransomware where the threat actor, usually in the form of a criminal group, sets out to make money through extortion," he says. "While the ransomware problem is global, we’ve seen a rising number of attacks on critical infrastructure come from nation-state actors in pursuit of various geopolitical objectives."
Meanwhile, incident response investigations by teams at Dragos and IBM X-Force overwhelmingly showed that the hottest operations technology (OT) target is the manufacturing sector, and the main weapon attacking these organizations