4/20/2016
04:45 PM
Manufacturers Suffer Increase In Cyberattacks

Cyberattacks on manufacturing companies on the rise as attackers attempt to steal valuable intellectual property and information.

The manufacturing sector is now one of the most frequently hacked industries, second only to healthcare, a new report says.

Healthcare, which has a wealth of exploitable information within electronic records, moved into the top spot of the rankings, replacing financial services, which dropped to third place in IBM X-Force Research’s new 2016 Cyber Security Intelligence Index. Manufacturing rose from third place in last year’s report, which offers a high-level overview of the major threats to IBM’s clients' businesses worldwide over the past year.

Manufacturing includes automotive, electronics, textile, and pharmaceutical companies. Automotive manufacturers were the top targeted manufacturing sub-industry, accounting for almost 30% of the total attacks against the manufacturing industry in 2015. Chemical manufacturers were the second-most targeted sub-industry in 2015, according to IBM.

Many attackers are financially motivated and therefore are more likely to go after corporate networks where they could steal potentially valuable intellectual property or sensitive information, says John Kuhn, senior threat researcher with IBM X-Force. 

Meanwhile, The 2016 Manufacturing Report by professional services firm Sikich also reports a rise in attacks on the manufacturing sector -- with theft of intellectual property as a primary motive.

“The FBI estimated that $400 billion of intellectual property is leaving the US each year because of cyberattacks” and nation-state actors and other adversaries are starting to target manufacturing companies for this information, says Brad Lutgen, a partner in Sikich’s compliance and security practice.

Many manufacturing companies are behind the curve in security because they have not been held to compliance standards the way financial services has been, with the Payment Card Industry Data Security Standards and the Gramm-Leach-Bliley Act, or the healthcare industry, with the Health Insurance Portability and Accountability Act, Lutgen says. “Because of that, they [manufacturers] tend to be a little laxer with security in terms of some other industry verticals.”

As a result, there is a lack of adoption of key information security practices that have become standardized procedures across most industry verticals, Lutgen says. For example, only 33% of survey respondents indicated that their organizations were performing annual penetration testing within their IT groups.

Heartbleed, SQL Injection Leading Forms Of Attack

Manufacturers appear to be vulnerable to older attacks, such as Heartbleed and Shellshock. SQL injection is another prominent form of attack being waged against manufacturers, IBM’s Kuhn says. “Those [types of attacks] happened in volume” last year, he says. The Heartbleed bug is a serious vulnerability in the OpenSSL cryptographic library that allows attackers to eavesdrop on communications, steal data directly from services and users, and impersonate services and users.

Attackers also targeted manufacturing companies’ enterprise servers via spearphishing schemes to lure employees to malicious websites, Kuhn says.

Manufacturing companies are starting to fortify their networks and corporate systems, Kuhn says, but their industrial control systems also pose a challenge. ICS systems might run a copy of Microsoft Windows or Unix that was issued ten years ago, so they can’t necessarily update it without the change causing an equipment failure, according to Kuhn. 

“When you talk about this industrial control space, it gets into a doomsday thing. It [an attack] might shut down a water plant or a nuclear plant. They are hard to defend,” Kuhn says. 

Take the proliferation of ransomware. What if an attacker deploys ransomware to lock down manufacturing computers and says, “pay the ransom or you won’t be able to manufacture your products”? These are all things to consider, he says. “So there is a lot of work to do in the manufacturing industry to shore up their defenses for industrial control systems and corporate networks.”

Defensive Strategies

Sikich’s report offers manufacturers some advice about how to mitigate threats:

  • Conduct an annual IT risk assessment to properly understand where threats are originating from.
  • Perform annual penetration tests to simulate the threat of someone trying to break into your organization’s network.
  • Conduct ongoing vulnerability scanning throughout the year to help the organization stay up-to-date with new threats.

Rutrell Yasin has more than 30 years of experience writing about the application of information technology in business and government. He has witnessed all of the major transformations in computing over the last three decades, covering the rise, death, and resurrection of the ...
