Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

8/8/2018
10:30 AM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Manufacturing Industry Experiencing Higher Incidence of Cyberattacks

New report reveals the natural consequences of ignoring the attendant risks of industrial IoT and Industry 4.0.

The rapid convergence of enterprise IT and operational technology networks in manufacturing organizations has definitely caught the eyes of cyberattackers. According to a new report out today, manufacturing companies have started experiencing elevated rates of cyber reconnaissance and lateral movement from attackers taking advantage of the growing connectivity within the industry. 

Developed by threat hunting firm Vectra, the "2018 Spotlight Report on Manufacturing" features data from a broader study of hundreds of enterprises across eight other industries. It shows that even though organizations in retail, financial services, and healthcare industries are more likely to experience reportable breaches involving personally identifiable information, manufacturing organizations outpace them in other areas of risk. 

For example, the manufacturing industry is subject to a higher-than-usual volume of malicious internal behaviors, which points to attackers likely already having found footholds inside of these networks. In particular, during the first half of 2018 manufacturing firms had the highest level of reconnaissance activity per 10,000 machines of any other industry. This kind of behavior typically shows that attackers are mapping out the network looking for critical assets. Similarly, manufacturing was in the top three industries most impacted by malicious lateral movement across its networks.

All of these metrics indicate a heightened level of risk to manufacturing's bread-and-butter: uninterrupted operations and well-guarded intellectual property. According to the "2018 Verizon Data Breach Industry Report," 47% of breaches in manufacturing are motivated by cyber espionage. 

Experts chalk up the increased risk to the industry's mass deployment of industrial Internet of Things (IoT) devices and the shift to what some tech pundits call Industry 4.0. As analysts at McKinsey, Deloitte, and others explain, we're in the middle of the fourth industrial revolution. The first started with steam-powered machines. The second came with the advent of electricity. The third occurred with the first programmable controllers. And now the fourth is occurring with increased connectivity, automation, and data-driven adaptivity of operation systems across manufacturing plants. Industry 4.0 delivers ubiquitous production and control to the business, but it also increases the risk of disruption by cyberattackers if automated and connected systems aren't sufficiently protected. 

Unfortunately the industry's paradigms around protecting systems hasn't caught up with the changing realities of its attack surface. For example, the Vectra report explains how manufacturers traditionally used customized and proprietary protocols for connecting systems on the factory floor. That in and of itself kept the bar of entry for cybercriminals pretty high. But that trend is changing as more IoT devices have utilized standardized protocols.

"The conversion from proprietary protocols to standard protocols makes it easier to infiltrate networks to spy, spread, and steal," the report states. 

Additionally, manufacturers tend not to implement strong security access controls on certain systems for fear of interrupting the flow of lean production lines. All of this is adding up to heightened levels of risk.

"The interconnectedness of Industry 4.0-driven operations has created a massive attack surface for cybercriminals to exploit," says Chris Morales, head of security analytics at Vectra.

Related Content:

 

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.  View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Commentary
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-3493
PUBLISHED: 2021-04-17
The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow unprivile...
CVE-2021-3492
PUBLISHED: 2021-04-17
Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux kernels, did not properly handle faults occurring during copy_from_user() correctly. These could lead to either a double-free situation or memory not being freed at all. An attacker could use this to cause a denial of service (ker...
CVE-2020-2509
PUBLISHED: 2021-04-17
A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. We have already fixed this vulnerability in the following versions: QTS 4.5.2.1566 Build 20210202 and later Q...
CVE-2020-36195
PUBLISHED: 2021-04-17
An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on. If exploited, the vulnerability allows remote attackers to obtain application information. QNAP has already fixed this vulnerability in the following versions of Multimedia C...
CVE-2021-29445
PUBLISHED: 2021-04-16
jose-node-esm-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption, if either failed `JWEDe...