Throughout this issue, there is discussion of various types of cyber threats facing manufacturers today. According to many of the experts quoted in articles, three of the most prevalent threats are ransomware, phishing attacks, and supply chain attacks.
As its name implies, ransomware is a malicious act where attackers encrypt an organization’s data and demand payment to restore access. Attackers may also steal an organization’s information and demand an additional payment in return for not disclosing the information to authorities, competitors, or the public.
In February 2022, the Cybersecurity and Infrastructure Security Agency, the Federal Bureau of Investigation, and the National Security Agency released a joint media advisory about ransomware trends. Findings included:
Ransomware groups are targeting organizations on holidays and weekends.
Cybercriminals are increasingly gaining access to networks via phishing, stolen Remote Desktop Protocol (RDP) credentials, and exploiting software vulnerabilities.
The market for ransomware is evolving, and there has been an uptick in cybercriminal services-for-hire.
Ransomware groups are sharing victim information with each other, including access to victims’ networks.
Best practices to protect against ransomware include keeping data backed up, and ensuring backup systems are working properly by scheduling routine checks.
Additional safeguards include: using multi-factor authentication, which adds extra steps that deter attackers from accessing systems and networks; keeping software patched, since not doing so leaves systems and networks vulnerable to attackers looking to exploit weaknesses; having multiple security systems such as firewalls, anti-virus software, and spam filters so that manufacturers can detect intrusions quickly; and conducting awareness training for employees, which is critical for them to know how to spot phishing emails and how to report suspicious activity.
Phishing attacks involve a target opening a malicious email attachment or spoofed website. The attachments and websites compromise the target’s browser settings and use whatever data is available for financial gain. The manufacturing industry falls victim to phishing attacks most often through web-based malware downloads that contain trojans or other malicious content.
According to Avertium, a Phoenix-based security services and consulting provider, there are several key reasons why manufacturing is especially vulnerable to phishing attacks, including:
Legacy Equipment — Many manufacturers use devices that are outdated and run software that no longer receives security updates. This creates low-hanging fruit for attackers.
IT Infrastructure — Varying sets of technologies are used for manufacturing operations in separate locations. Each may have different hardware and software, causing fragmented security frameworks. This adds complexity, and it means a single security framework will not work for all systems.
Industrial Espionage — Manufacturers with government contracts are a prime target for threat actors motivated by cyber espionage, knowing certain sectors can be significantly compromised by attacking constituent suppliers and clients.
Financial Gain — The manufacturing industry is vast and has enormous amounts of sensitive data that can be exploited, including credit card information, bank details, and social security numbers. Such data can be sold or used to compromise other networks.
Lack of Centralized Visibility — Not having one single platform to view data flow is an attractive entry point for a threat actor. There are many hidden loopholes and complexities within a fragmented framework that attackers can exploit.
To combat phishing attacks, manufacturers are advised to employ a layered approach to email security. This includes periodic simulations designed to evaluate an employee’s familiarity with email phishing attacks, as well as a definitive process for reporting potential phishing scams.
In recent years, supply chain attacks within manufacturing have become more prominent, according to Avertium. A supply chain attack happens when bad actors access an organization’s network via a third-party vendor or supplier. Access can be gained through viruses or malicious software, giving the attacker keys to sensitive information, customer records, and payment information.
In its published reports, Avertium cites three types of supply chain attacks:
Software Supply Chain Attacks — Require just one compromised application or piece of software to disrupt an entire supply network. These attacks target an application’s source code and deliver malicious code to a trusted app or software system.
Firmware Supply Chain Attacks — Insert malware into a computer’s boot record and take just one second to unfold. After the targeted computer boots up, the malware is executed, and an entire system is at risk. These attacks are quick, damaging, and sometimes undetectable.
Hardware Supply Chain Attacks — Depend on physical devices. Threat actors target devices they know will make their way through an entire supply chain to maximize reach and damage.
Because a supply chain can be large in scope, the attack itself can be difficult to trace. Manufacturers work with dozens—or even hundreds—of suppliers, thus any disruption to the process creates a dangerous ripple effect. It’s important for manufacturers to protect their suppliers and affirm that the companies they do business with are equally committed to security.
Manufacturers should also leverage password management platforms and give IT administrators insight into employee password behaviors. This serves to enforce password security best practices across the whole organization.
Staying on top of cyber threats is a critical step for manufacturers to establish resiliency and business continuity. Oftentimes, relying on a trusted security industry partner to help create a plan of defense against attacks is a sound investment.