May 16, 2020

Why manufacturing is one of the most attractive industries for cyberattacks

Hadi Hosn

It’s no secret that the manufacturing industry is one of the most targeted industries when it comes to cyberattacks. According to EEF, 48 percent of manufacturers have at some point been subject to a cybersecurity incident, and half of those organisations suffered financial loss or a disruption to their business. But why the sudden interest in targeting manufacturers?

Intellectual Property (IP).

Threat actors (the bad guys) are seeking to steal intelligence on any new product, process, or technology that a manufacturer creates, which can be anything from blueprints of confidential designs to secret formulas or unique assembly processes. Adversaries can then use this information to sell products at a lower price, cutting both the manufacturer’s competitive advantage and its margins.

In conjunction with the knowledge that manufacturers hold valuable sensitive information, manufacturers are an increasingly attractive prospect for threat actors because of how exposed their IT systems are to infection. This is because historically manufacturers have been concerned with securing their OT environment, often neglecting IT security almost entirely. Threat actors are therefore well aware that a manufacturer’s network is often left unprotected, and that the right cybersecurity tools and processes are not in place. Better yet, they know that a manufacturer’s supply chain is large and complex with vulnerabilities in abundance, and therefore the ideal environment to attempt an attack which can rapidly propagate across networks and infect various suppliers and businesses with ease.

It is evident then, that cybersecurity is not only a challenge for a manufacturer’s IT department, but for the operations and leadership teams too. More than a third of manufacturers report that they are not able to demonstrate good enough cyber security practices, which is a worrying statistic considering that it is becoming a vital requirement written within contractual agreements for manufacturers to have effective cyber security processes in place for their customers. In addition, with advances in legal requirements put in place by the European Union as well as individual countries, manufacturers will be under even more pressure.

If that isn’t serious enough, it’s worth remembering that if production goes down even for the shortest time, the impact can be irreparable - with millions in revenue potentially lost. This, combined with the risk to reputation that a manufacturer could face in the event of an effective cyberattack or data breach means that in order to survive and thrive in an interconnected digital age, many manufacturers must adopt a highly proactive mindset and approach to cybersecurity strategy…

…And this begins with understanding the threat.


Nation States

Apart from professional cybercrime gangs, manufacturers are a very attractive target for hostile nation state actors. These are hackers who are suspected to work on behalf of a government to disrupt or compromise a target organisation, either to gain access to valuable data or intelligence or to cause incidents that create economic or political unrest.

Nation state threats currently comprise only ten percent of all attacks worldwide, but they are the most time consuming to resolve, and by far the trickiest. In fact, Secureworks research determined that on average it took 500 percent more time to fully evict a nation state attacker from a network in 2017 than in 2016. This increase is due to the often entrenched nature of these adversaries plus the necessity to fully understand the extent of the threat actor’s capability and access. If an organisation shows its hand too soon and attempts to evict an attacker without understanding how it got in, what it controls, and what it has changed, then the attacker can simply shift tactics or, worse, infect or shut down operations and machines.

By their nature, defence contractors and manufacturers are of particular interest to these nation states due to their access to government documents and sensitive information. One such threat group is nicknamed BRONZE UNION – a group suspected of operating for the Chinese government. In the past they have successfully compromised manufacturing and defence organisations, specifically targeting life sciences, aerospace, manufacturing, defence, energy, technology and government organisations. The group specialises in identifying key data stores and selectively pulling out information of high value with a focus around defence, security, and political intelligence.

The group’s activities were observed on multiple U.S. based defence manufacturer networks, seeking information associated with aerospace technologies, combat processes, and naval defence systems. Analysis suggests that systemic issues in China’s defence technology industries could have influenced demand for this type of information due to a disconnect between what the country’s defence industries can supply and what its military needs. One infiltration technique that BRONZE UNION has relied on in the past is a strategic web compromise (SWC). This is a targeted attack which compromises users by infecting websites they usually visit and luring them to a malicious site.


Supply Chain attacks

Manufacturers also need to be aware of the threats they face from vulnerabilities and weaknesses in their supply chain. Although supply chain attacks account for a very small proportion of overall global attacks, they are often the most destructive.

Take the notoriously aggressive NotPetya attack. Trojanised updates to the M.E.Doc software were used to carry out the attack, which infected PCs and organisations across the world. Compromising a legitimate software update and using it as a delivery mechanism like this indicates careful operational planning and pre-positioning, and considering the M.E.Doc accounting software existed on the networks of the majority of Ukrainian businesses, we can be confident that the attack was most likely carried out by a Russian nation state.

The targeting of digital certificates offered out by technology manufacturers in particular is becoming a common technique used by threat actors. Done properly, like NotPetya, it gives threat actors an improved chance to penetrate networks without being detected by impersonating legitimate products and inserting malware into updates of legitimate software.

What can manufacturers do to protect themselves?

Firstly, manufacturers are advised to undergo thorough security testing and assessments to identify and quantify where their network is at risk. Sourcing a cybersecurity specialist partner that can implement penetration testing, which subjects a manufacturer’s network to real world cyberattack scenarios in a safe environment, can be a useful first step to obtaining a thorough evaluation of the current organisational defences, security policies, and system architecture.

Implementing or enhancing logging, adopting multi-factor authentication (MFA), managing user privileges and integrating endpoint security capabilities are some of the specific measures that manufacturing companies can put in place to ensure they are protected from cyberattacks. Effective safeguarding control is paramount and should include multi-factor authentication for all public facing access. As a best practice, administrators’ access should use MFA and IP whitelisting from the corporate address space. Monitoring and reviewing user permissions, privileged activity and configurations on a regular basis is also paramount for strong cyber security defences.
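The access policy in the paragraph above can be checked continuously against login records. The following is an added example, not part of the original article: the log format, field names and address ranges are assumptions, and the sample events are constructed.

```python
import ipaddress

# Assumed corporate address space (documentation ranges, constructed for this example).
CORPORATE_NETS = [ipaddress.ip_network(n)
                  for n in ("198.51.100.0/24", "2001:db8:10::/48")]

# Constructed sample events: "timestamp user role exposure src_ip mfa"
SAMPLE_EVENTS = """\
2020-05-16T08:01:12Z alice admin internal 198.51.100.23 yes
2020-05-16T08:03:40Z bob user public 203.0.113.9 yes
2020-05-16T08:07:05Z carol admin public 203.0.113.77 yes
2020-05-16T08:09:51Z dave user public 192.0.2.14 no
2020-05-16T08:11:30Z erin admin internal 198.51.100.41 no
2020-05-16T08:12:02Z frank user internal 198.51.100.50 no
malformed line without enough fields
"""

def in_corporate_space(addr):
    """True if addr lies in an allowlisted corporate network (raises ValueError on bad input)."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in CORPORATE_NETS)

def audit(log_text):
    """Return (findings, rejected_line_numbers) for the MFA / allowlist policy."""
    findings, rejected = [], []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        fields = line.split()
        if len(fields) != 6:
            rejected.append(lineno)      # unparseable lines are surfaced, not silently dropped
            continue
        _ts, user, role, exposure, src, mfa = fields
        try:
            inside = in_corporate_space(src)
        except ValueError:
            rejected.append(lineno)
            continue
        # MFA is required for all public-facing access and for every administrator.
        if mfa != "yes" and (exposure == "public" or role == "admin"):
            findings.append((user, "no-mfa"))
        # Administrator access must originate from the corporate address space.
        if role == "admin" and not inside:
            findings.append((user, "admin-outside-corporate-space"))
    return findings, rejected

if __name__ == "__main__":
    violations, bad_lines = audit(SAMPLE_EVENTS)
    for user, reason in violations:
        print(f"{user}: {reason}")
    print("unparsed lines:", bad_lines)
```

Rejected lines are reported separately because a gap in logging is itself worth reviewing.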

Applying patches to affected assets as soon as they become available should become second nature for all IT departments. Patching is often overlooked due to concerns about business continuity but is absolutely critical. If patching is not an option due to potential disruption of production or business, or fear of breaking critical dependencies, companies must have alternative compensating controls. In addition, third party patches should be tested on isolated systems in a controlled way, prior to being rolled out to live environments.

Manufacturers must also remember that whatever technology and automatic measures and processes are put in place to protect, detect and respond to cyberattacks effectively, it is almost always people that are the weak link.

Cyber criminals are always finding new ways to exploit human vulnerabilities. One such example is the case of Mia Ash. Last year, security researchers observed phishing campaigns suspected to be carried out by an Iranian based threat group nicknamed COBALT GYPSY, which targeted organisations (many of which were manufacturers) in the Middle East and North Africa. After unsuccessful generic phishing and targeted spear-phishing attempts, the group launched a highly sophisticated social engineering campaign. This entailed creating a fake social media profile called Mia Ash – a London-based photographer – to befriend employees at targeted organisations via LinkedIn. After weeks of interacting online with their target and gaining their trust, the group eventually sent an email containing a malicious attachment and the rest is history.

Manufacturers therefore must prioritise cybersecurity awareness amongst employees. At present many IT teams do not have the correct internal support to help them understand and successfully implement the necessary changes to strengthen their cyber defences and close the loop on human error. This is why specialist cybersecurity companies can prove an invaluable partner to any manufacturing company that is looking to improve its cyber defences and at the same time struggles to attract the right talent for the job. Specialists can help manufacturers adopt the best cybersecurity hygiene, and ensure critical technologies – such as a resilient, offline back-up solution – and processes – such as developing and regularly exercising an organisational incident response plan – are in place. 


Protecting for the future

As we move into the next era of automation and the smart factory, we will likely continue to see nation state attacks proliferate. Threat actors will not only try to penetrate multiple new entry points offered by the implementation of IoT devices but try to create cyberattacks that have real life consequences. Just last year, a Saudi Arabian petrochemical manufacturer was targeted by malware believed to be intended to steal data, bring operations to a complete halt, and cause an explosion with potentially devastating consequences. The malware targeted the plant’s industrial control systems and was designed to stop any automated equipment from going beyond the safe operating conditions and to override the machine’s initial codes.

Today’s manufacturing plants have different sensors to monitor the machinery’s wear and tear, temperature, vibration or cooling to minimise downtime. However, this equipment is not intended to monitor for failed login attempts or data breaches and theft. Therefore, it is imperative that manufacturers start to ensure that the right security checks are put in place before this equipment is brought to the shop floor.

The technology industry, and therefore the threat, is moving faster every day, and manufacturing leaders need to catch up. Threat actors are constantly evolving, upskilling, and becoming better resourced, and manufacturers can no longer ignore the threat that is out to obtain high-reward IP, or to sabotage IT and OT infrastructure at any cost. The complexity of cyber awareness can no longer be accepted as a defence when a major cyberattack occurs, and manufacturers have to put the correct procedures in place to avoid hefty fines, delay in production, or loss of reputation and capital – before it’s too late.


By Hadi Hosn, Global Consulting Solutions Lead.


Jul 30, 2021

First Solar to Invest US$684mn in Indian Energy Sector

Elise Leise
First Solar will launch an advanced PV manufacturing plant in Tamil Nadu to support Indian solar independence

First Solar is about to set up a new photovoltaic (PV) thin-film solar manufacturing facility in Tamil Nadu, India. The 3.3GW factory will create 1,000 skilled jobs and is expected to launch its operations in Q3 of 2023. According to the company, India needs 25+ gigawatts of solar energy to be deployed each year for the next nine years. This means that many of First Solar’s Indian clients will jump at the chance to have access to the company’s advanced PV. 


Said Mark Widmar, First Solar’s CEO: ‘India is an attractive market for First Solar not simply because our module technology is advantageous in its hot, humid climate. It’s an inherently sustainable market, underpinned by a growing economy and appetite for energy’. 

A Bit of Background 

First Solar is a leading global provider of photovoltaic systems. It uses advanced technology to generate clear, reliable energy around the world. And even though it’s headquartered in the US, the company has invested in storage facilities around the world. It displaced energy requirements for a desalination plant in Australia, launched a source of reliable energy in the Middle East (Dubai, UAE), and deployed over 4.5GW of energy across Europe with its First Solar modules.


The company is also known for its solar innovation, reporting that it sees gains in efficiency three times faster than multi-crystalline silicon technology. First Solar holds world records in thin-film cell conversion efficiency (22.1%) and module conversion efficiency (18.2%). Finally, it helps its partners develop, finance, design, construct, and operate PV power plants—which is exactly what we’re talking about. 

How Will The Tamil Nadu Plant Work?

Tamil Nadu will use the same manufacturing template as First Solar’s new Ohio factory. According to the Times of India, the factory will combine skilled workers, artificial intelligence, machine-to-machine communication, and IoT connectivity. In addition, its operations will adhere to First Solar’s Responsible Sourcing Solar Principles, produce modules with a 2.5x lower carbon footprint, and help India become energy-independent. Said Widmar: ‘Our advanced PV module will be made in India, for India’. 


After all, we must mention that part of First Solar’s motivation in Tamil Nadu is to ensure that India doesn’t rely on Chinese solar. ‘India stands apart in the decisiveness of its response to China’s strategy of state-subsidised global dominance of the crystalline silicon supply chain’, Widmar explained. ‘That’s precisely the kind of level playing field needed for non-Chinese solar manufacturers to compete on their own merits’. 


According to First Solar, India’s model should be a template for like-minded nations. Widmar added: ‘We’re pleased to support the sustainable energy ambitions of a major US ally in the Asia-Pacific region—with American-designed solar technology’. To sum up: Indian solar power is the next development in the China-US trade war. Let the PV manufacturing begin.

