Technology is now the most attacked sector globally, accounting for a quarter of all attacks in 2019, compared to 17% the year before, according to the NTT 2020 Global Threat Intelligence Report (GTIR) published in May. In the UK & Ireland, however, it is quite a different picture, with the manufacturing sector increasingly coming under attack, and now representing almost a third of all attacks.
We are in fact seeing attack volumes increase across all industries, as threat actors use tools such as web shells, exploit kits and targeted ransomware, developing effective multi-function attack tools and capabilities. They are also innovating by leveraging artificial intelligence and machine learning and investing in the automation of attacks. We are also seeing the re-emergence of IoT weaponisation and IoT devices (including industrial IoT) being compromised, with botnets like Mirai and other being used to help spread attacks.
Such attacks continue to be effective because organisations are simply unable to keep up. As the technology driving many industrial processes and systems continues to advance, unfortunately awareness and action around cybersecurity has lagged behind.
Manufacturing and industrial plants, including power stations, and utilities are increasingly under attack as part of our critical national infrastructure. Cyber attacks on power grids in the Ukraine led to blackouts in 2015 and 2016 and as far back as 2010 there was the Stuxnet attack against Iran’s nuclear processing facility.
A highly attractive target for cyber criminals because of the valuable data they keep about systems, processes, supply chains, and highly sensitive IP around design and specification, manufacturing organisations are constantly fighting off threats. In the wrong hands this sort of information could bring down a business, especially for those where innovation is a key differentiator in a competitive market, such as automotive or medical devices.
The sector faces growing attacks on its global supply chains, as well as the exploitation of unpatched systems that are often several years old. The Conficker worm was the single most commonly detected variant of malware (11% of all detections) in manufacturing suggesting these organisations have outdated or unpatched systems and weak passwords, leaving them vulnerable to infection via other malware variants.
Reconnaissance attacks were the most common form of attack aimed at manufacturing organisations, helping attackers to determine where to focus web application and application-specific attacks for maximum effectiveness.
Manufacturing today is highly automated and dependent on interconnected systems with the convergence between operational technology (OT) and IT. Many manufacturing systems were designed originally with efficiency, throughput, health & safety and compliance in mind rather than security. Because security has lagged behind, this exposes systems and processes to attack, putting connected technologies under threat.
OT has relied on a form of ‘security through obscurity’ to some extent. The protocols and interfaces in these systems were often complex and proprietary, and security was not seen as a priority as there was no perceived threat. As a result, it was difficult to mount a successful attack. But as more and more systems come online, and attackers innovate, automate and speed up the rate of their attacks, organisations have nowhere to hide.
Now with greater convergence between IT and OT, there is the risk that organisations will fail to fully understand how exposed they are and the scale of the attack surface, particularly when it comes to other interconnected systems, networks and the supply chain.
The COVID-19 pandemic has shown us that cyber criminals will stop at nothing – and will take advantage of any situation by repurposing their toolsets, deploying new infrastructure and developing innovative campaigns to proactively target vulnerable organisations. We are seeing an increased number of phishing and ransomware attacks. Manufacturing organisations will need to be even more vigilant in this age of unknowns.
Supply chain issues are impacting the sector as facilities and plants scale back or even halt operations, or close to keep workers safe. Yet manufacturers must continue to provide materials and to keep essential supplies coming in. For others, their ability to quickly convert operations at the start of the crisis to create much needed personal protective equipment, ventilators or to manufacture hand sanitisers was seen as a critical step.
Constant pressures in the market, the spread of COVID-19 and the need to deliver consistent, reliable services require much more than having the ability to recover from disruptions. Cyber attacks can take weeks, if not years, to recover from, so manufacturers, their partners and their supply chains must be able to anticipate and prevent disruptions.