Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

8/8/2018
10:30 AM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Manufacturing Industry Experiencing Higher Incidence of Cyberattacks

New report reveals the natural consequences of ignoring the attendant risks of industrial IoT and Industry 4.0.

The rapid convergence of enterprise IT and operational technology networks in manufacturing organizations has definitely caught the eyes of cyberattackers. According to a new report out today, manufacturing companies have started experiencing elevated rates of cyber reconnaissance and lateral movement from attackers taking advantage of the growing connectivity within the industry. 

Developed by threat hunting firm Vectra, the "2018 Spotlight Report on Manufacturing" features data from a broader study of hundreds of enterprises across eight other industries. It shows that even though organizations in retail, financial services, and healthcare industries are more likely to experience reportable breaches involving personally identifiable information, manufacturing organizations outpace them in other areas of risk. 

For example, the manufacturing industry is subject to a higher-than-usual volume of malicious internal behaviors, which points to attackers likely already having found footholds inside of these networks. In particular, during the first half of 2018 manufacturing firms had the highest level of reconnaissance activity per 10,000 machines of any other industry. This kind of behavior typically shows that attackers are mapping out the network looking for critical assets. Similarly, manufacturing was in the top three industries most impacted by malicious lateral movement across its networks.

All of these metrics indicate a heightened level of risk to manufacturing's bread-and-butter: uninterrupted operations and well-guarded intellectual property. According to the "2018 Verizon Data Breach Industry Report," 47% of breaches in manufacturing are motivated by cyber espionage. 

Experts chalk up the increased risk to the industry's mass deployment of industrial Internet of Things (IoT) devices and the shift to what some tech pundits call Industry 4.0. As analysts at McKinsey, Deloitte, and others explain, we're in the middle of the fourth industrial revolution. The first started with steam-powered machines. The second came with the advent of electricity. The third occurred with the first programmable controllers. And now the fourth is occurring with increased connectivity, automation, and data-driven adaptivity of operation systems across manufacturing plants. Industry 4.0 delivers ubiquitous production and control to the business, but it also increases the risk of disruption by cyberattackers if automated and connected systems aren't sufficiently protected. 

Unfortunately the industry's paradigms around protecting systems hasn't caught up with the changing realities of its attack surface. For example, the Vectra report explains how manufacturers traditionally used customized and proprietary protocols for connecting systems on the factory floor. That in and of itself kept the bar of entry for cybercriminals pretty high. But that trend is changing as more IoT devices have utilized standardized protocols.

"The conversion from proprietary protocols to standard protocols makes it easier to infiltrate networks to spy, spread, and steal," the report states. 

Additionally, manufacturers tend not to implement strong security access controls on certain systems for fear of interrupting the flow of lean production lines. All of this is adding up to heightened levels of risk.

"The interconnectedness of Industry 4.0-driven operations has created a massive attack surface for cybercriminals to exploit," says Chris Morales, head of security analytics at Vectra.

Related Content:

 

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.  View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
More SolarWinds Attack Details Emerge
Kelly Jackson Higgins, Executive Editor at Dark Reading,  1/12/2021
Vulnerability Management Has a Data Problem
Tal Morgenstern, Co-Founder & Chief Product Officer, Vulcan Cyber,  1/14/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-36192
PUBLISHED: 2021-01-18
An issue was discovered in the Source Integration plugin before 2.4.1 for MantisBT. An attacker can gain access to the Summary field of private Issues (either marked as Private, or part of a private Project), if they are attached to an existing Changeset. The information is visible on the view.php p...
CVE-2020-36193
PUBLISHED: 2021-01-18
Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948.
CVE-2020-7343
PUBLISHED: 2021-01-18
Missing Authorization vulnerability in McAfee Agent (MA) for Windows prior to 5.7.1 allows local users to block McAfee product updates by manipulating a directory used by MA for temporary files. The product would continue to function with out-of-date detection files.
CVE-2020-28476
PUBLISHED: 2021-01-18
All versions of package tornado are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configura...
CVE-2020-28473
PUBLISHED: 2021-01-18
The package bottle from 0 and before 0.12.19 are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with defa...