May 16, 2020

Why manufacturing is one of the most attractive industries for cyberattacks

Hadi Hosn
8 min
It’s no secret that the manufacturing industry is one of the most targeted industries when it comes to cyberattacks. According to EEF, 48 percent of m...

It’s no secret that the manufacturing industry is one of the most targeted industries when it comes to cyberattacks. According to EEF, 48 percent of manufacturers have at some point been subject to a cybersecurity incident, and half of those organisations suffered financial loss or a disruption to their business. But why the sudden interest in targeting manufacturers?

Intellectual Property (IP).

Threat actors (the bad guys) are seeking to steal intelligence on any new product, process, or technology that a manufacturer creates, which can be anything from obtaining blueprints of confidential designs, secret formulas, or unique assembly processes. This information can then be used by adversaries to sell products at a lower price and cut both competitive advantages and margins.

In conjunction with the knowledge that manufacturers hold valuable sensitive information, manufacturers are an increasingly attractive prospect for threat actors because of how exposed their IT systems are to infection. This is because historically manufacturers have been concerned with securing their OT environment, often neglecting IT security almost entirely. Threat actors are therefore well aware that a manufacturers’ network is often left unprotected, and that the right cybersecurity tools and processes are not in place. Better yet, they know that a manufacturers’ supply chain is large and complex with vulnerabilities in abundance, and therefore the ideal environment to attempt an attack which can rapidly propagate across networks and infect various suppliers and businesses at ease.

It is evident then, that cybersecurity is not only a challenge for a manufacturer’s IT department, but for the operations and leadership teams too. More than a third of manufacturers report that they are not able to demonstrate good enough cyber security practices, which is a worrying statistic considering that it is becoming a vital requirement written within contractual agreements for manufacturers to have effective cyber security processes in place for their customers. In addition, with advances in legal requirements put in place by the European Union as well as individual countries, manufacturers will be under even more pressure.

If that isn’t serious enough, it’s worth remembering that if production goes down even for the shortest time, the impact can be irreparable - with millions in revenue potentially lost. This, combined with the risk to reputation that a manufacturer could face in the event of an effective cyberattack or data breach means that in order to survive and thrive in an interconnected digital age, many manufacturers must adopt a highly proactive mindset and approach to cybersecurity strategy…

…And this begins with understanding the threat.


Nation States

Apart from professional cybercrime gangs, manufacturers are a very attractive target for hostile nation state actors. These are hackers who are suspected to work on behalf of a government to disrupt or compromise a target organisation to either gain access to valuable data or intelligence or create incidents to create economic or political unrest.

Nation state threats currently only comprise of ten percent of all attacks worldwide, but they are the most time consuming to resolve, and by far the trickiest. In fact, Secureworks research determined that on average it took 500 percent more time to fully evict a nation state attacker from a network in 2017 than in 2016. This increase is due to the often entrenched nature of these adversaries plus the necessity to fully understand the extent of the threat actor’s capability and access. If an organisation shows its hand too soon and attempts to evict an attacker without understanding how it got in, what it controls, and what it has changed, then the attacker can simply shift tactic or worse, infect or shutdown operations and machines.

By their nature, defence contractors and manufacturers are of particular interest to these nation states due to their access to government documents and sensitive information. One such organisation is the nicknamed BRONZE UNION – a threat group suspected of operating for the Chinese government. In the past they have successfully compromised manufacturing and defence organisations specifically targeting life sciences, aerospace, manufacturing, defence, energy, technology and government organisations. The group specialises in identifying key data stores and selectively pulling out information of high value with a focus around defence, security, and political intelligence.

The group’s activities were observed on multiple U.S. based defence manufacturer networks, seeking information associated with aerospace technologies, combat processes, and naval defence systems. Analysis suggests that systemic issues in China’s defence technology industries could have influenced demand for this type of information due to a disconnect between what the country’s defence industries can supply and what its military needs. One infiltration technique that BRONZE UNION has relied on in the past is a strategic web compromise (SWC). This is a targeted attack which compromises users by infecting websites they usually visit and luring them to a malicious site.


Supply Chain attacks

Manufacturers also need to be aware of the threats they face from vulnerabilities and weaknesses in their supply chain. Although supply chain attacks account for a very small proportion of overall global attacks, they are often the most destructive.

Take the notoriously aggressive NotPetya attack. Trojanised updates via MeDoc software were used to carry out the attack, which infected PCs and organisations across the world. Compromising a legitimate software update and using it as a delivery mechanism like this indicates careful operational planning and pre-positioning, and considering the MEDoc accounting software existed on the networks of the majority of Ukrainian businesses, we can be confident that the attack was most likely carried out by a Russian nation state.

The targeting of digital certificates offered out by technology manufacturers in particular is becoming a common technique used by threat actors. Done properly, like NotPetya, it gives threat actors an improved chance to penetrate networks without being detected by impersonating legitimate products and inserting malware into updates of legitimate software.

What can manufacturers do to protect themselves?

Firstly, manufacturers are advised to undergo thorough security testing and assessments to identify and quantify where their network is at risk. Sourcing a cybersecurity specialist partner that can implement penetration testing, which subjects a manufacturers’ network to real world cyberattack scenarios in a safe environment, can be a useful first step to obtaining a thorough evaluation of the current organisational defences, security policies, and system architecture.

Implementing or enhancing logging, adopting multi-factor authentication (MFA), managing user privileges and integrating endpoint security capabilities are some of the specific measures that manufacturing companies can put in place to ensure they are protected from cyberattacks. Effective safeguarding control is paramount and should include multi-factor authentication for all public facing access. As a best practice, administrators’ access should use MFA and IP whitelisting from the corporate address space. Monitoring and reviewing user permissions, privileged activity and configurations on a regular basis is also paramount for strong cyber security defences.

Applying patches to affected assets as soon as they become available should become second nature for all IT departments. Patching is often overlooked due to concerns about business continuity but is absolutely critical. If patching is not an option due to potential disruption of production or business, or fear of breaking critical dependencies, companies must have alternative compensating controls. In addition, third party patches should be tested on isolated systems in a controlled way, prior to being rolled out to live environments.

Manufacturers must also remember that whatever technology and automatic measures and processes are put in place to protect, detect and respond to cyberattacks effectively - it is mostly always people that are the weak link.

Cyber criminals are always finding new ways to exploit human vulnerabilities. One such example is the case of Mia Ash. Last year, security researchers observed phishing campaigns suspected to be carried out by an Iranian based threat group nicknamed COBALT GYPSY, which targeted organisations (many of which were manufacturers) in the Middle East and North Africa. After unsuccessful generic phishing and targeted spear-phishing attempts, the group launched a highly sophisticated social engineering campaign. This entailed creating a fake social media profile called Mia Ash – a London-based photographer – to befriend employees at targeted organisations via LinkedIn. After weeks of interacting online with their target and gaining their trust, the group eventually sent an email containing a malicious attachment and the rest is history.

Manufacturers therefore must prioritise cybersecurity awareness amongst employees. At present many IT teams do not have the correct internal support to help them understand and successfully implement the necessary changes to strengthen their cyber defences and close the loop on human error. This is why specialist cybersecurity companies can prove an invaluable partner to any manufacturing company that is looking to improve its cyber defences and at the same time struggles to attract the right talent for the job. Specialists can help manufacturers adopt the best cybersecurity hygiene, and ensure critical technologies – such as a resilient, offline back-up solution – and processes – such as developing and regularly exercising an organisational incident response plan – are in place. 


Protecting for the future

As we move into the next era of automation and the smart factory, we will likely continue to see nation state attacks proliferate. Threat actors will not only try to penetrate multiple new entry points offered by the implementation of IoT devices but try to create cyberattacks that have real life consequences. Just last year, a Saudi Arabian petrochemical manufacturer was targeted by malware believed to steal data and put a complete halt in operation, and to cause an explosion with potentially devastating consequences. The malware targeted the plant’s industrial control systems and was designed to stop any automated equipment from going beyond the safe operating conditions and to override the machine’s initial codes.

Today’s manufacturing plants have different sensors to monitor the machinery’s wear and tear, temperature, vibration or cooling to minimise downtime. However, this equipment is not intended to monitor for failed login attempts or data breaches and theft. Therefore, it is imperative that manufacturers start to ensure that the right security checks are put in place before this equipment is brought to the shop floor.

The technology industry, and therefore the threat, is moving faster every day, and manufacturing leaders need to catch up. Threat actors are constantly evolving, upskilling, and becoming better resourced, and manufacturers can no longer ignore the threat that is out to obtain high-reward IP, or to sabotage IT and OT infrastructure at any cost. The complexity of cyber awareness used as a defence when a major cyberattack occurs can no longer be accepted and manufacturers have to put the correct procedures in place to avoid hefty fines, delay in production, or loss of reputation and capital – before it’s too late.


By Hadi Hosn, Global Consulting Solutions Lead.

Share article

Jun 8, 2021

IMF: Variants Can Still Hurt Manufacturing Recovery

Elise Leise
3 min
The International Monetary Fund (IMF) claims that while markets are rising and manufacturing is coming back, it’ll push for global immunisation

After a year of on-and-off manufacturing in the US, UK, and the eurozone, demand for goods surged early last week. Factories set growth records in April and May, suppliers started to recover, and US crude hit its highest price point since pre-COVID. As vaccination efforts immunise much of the US and UK populations, manufacturers are now able to fully ramp up their supply chains. In fact, GDP growth could approach double-digits by 2022

Now, the ISM productivity measure has surpassed the 50-point mark that separates industry expansion from contraction. Since U.S. president Biden passed his US$1.9tn stimulus package and the UK purchasing managers index (PMI) increased to 65.6, both sides of the Atlantic are facing a much-welcomed manufacturing recovery. 

Lingering Concerns Over COVID

Even as Spain, France, Italy, and Germany race to catch up, and mining companies pushed the FTSE 100 index of list shares to a monthly high of 7,129, some say that UK and US markets still suffer from a lack of confidence in raw material supplies. Yes, the Dow Jones has made up its 19,173-point crash of March 2020, and MSCI’s global stock index is at an all-time high. 

Yet manufacturers around the world realise that these wins will be short-lived until pandemic supply chain bottlenecks are solved. If we keep the status quo, consumers will pay the price. In April, inflation in Germany reached 2.4%, and across the EU’s 19 member countries, overall prices have increased at an unusual pace. Some ask: Is this true recovery? 

IMF: Current Boom Could Falter

Even as Elon Musk tweeted about chip shortages forcing Tesla to raise its prices, UK mining demand skyrocketed; housing markets lifted; and the pound sterling gained value. The International Monetary Fund (IMF), however, cautioned that manufacturing recovery won’t last long if COVID mutates into forms our vaccinations can’t touch. Kristalina Georgieva, Washington’s IMF director, noted that fewer than 1% of African citizens have been vaccinated: “Worldwide access to vaccines offers the best hope for stopping the coronavirus pandemic, saving lives, and securing a broad-based economic recovery”. 

Across the globe, manufacturing companies are keeping a watchful eye on new developments in the spread of COVID. Though US FDA officials don’t think we’ll have to “start at square one” with new vaccines, the March 2021 World Economic Outlook states that “high uncertainty” surrounds the projected 6% global growth. Continued manufacturing success will in large part depend on “the path of the pandemic, the effectiveness of policy support, and the evolution of financial conditions”. 

Mathias Cormann, secretary-general of the Organisation for Economic Co-Operation and Development (OECD) concurred—without global immunisation, the estimated economic boom expected by 2025 could go kaput. “We need to...pursue an all-out effort to reach the entire world population”, Australia’s finance minister added. US$50bn to end COVID across the world, they imply, is a small investment to restart our economies.

Share article