{"id":1113,"date":"2024-12-06T07:01:00","date_gmt":"2024-12-06T07:01:00","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=1113"},"modified":"2024-12-06T07:01:00","modified_gmt":"2024-12-06T07:01:00","slug":"8-biggest-cybersecurity-threats-manufacturers-face","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=1113","title":{"rendered":"8 biggest cybersecurity threats manufacturers face"},"content":{"rendered":"<div>\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<div class=\"container\"><\/div>\n<p>The manufacturing sector\u2019s rapid digital transformation, complex supply chains, and reliance on third-party vendors make for a challenging cyber threat environment for CISOs.<\/p>\n<p>Manufacturers \u2014 often prime targets for state-sponsored malicious actors and ransomware gangs \u2014 face the difficult task of maintaining cost-effective operations while modernizing their network infrastructure.<\/p>\n<p>\u201cMany manufacturing systems rely on outdated technology that lacks modern security measures, creating exploitable vulnerabilities,\u201d says Paul Cragg, CTO at managed security services firm NormCyber. \u201cThis is exacerbated by the integration of industrial internet of things [IIoT] devices, which expand the attack surface.\u201d<\/p>\n<p>For example, many manufacturing organizations run outdated industrial control systems (ICS) that run antiquated software such as Embedded Windows XP, which no longer receives security patches. In addition, IoT, IIoT, operational technology (OT), and SCADA systems are often poorly supported by vendors because they are designed for operational capabilities rather than security.<\/p>\n<p>A lack of awareness within the business of which assets may be externally or internet facing is also an issue for organizations in this sector. 
Poor patching practices and misconfigurations are other frequent sources of problems for manufacturing CISOs.<\/p>\n<p>Syed M. Belal, global director of OT\/ICS cybersecurity strategy and enablement for Hexagon\u2019s Asset Lifecycle Intelligence division, tells CSO there are significant disparities in cybersecurity maturity across the sector.<\/p>\n<p>\u201cWhile industries like chemicals and semiconductors exhibit relatively higher cybersecurity maturity, others, such as food and beverage or textiles, lag significantly,\u201d Belal says. \u201cEven within advanced sectors, inconsistencies persist across organizations.\u201d<\/p>\n<p>Operational technology systems \u2014 which may include complex robotics and automation components \u2014 are typically replaced far more slowly than components of IT networks are, contributing to the <a href=\"https:\/\/www.csoonline.com\/article\/1307630\/software-security-debt-piles-up-for-organizations-even-as-critical-flaws-drop.html\">growing security debt<\/a> that many manufacturers carry.<\/p>\n<p>\u201cLegacy systems, designed before modern cybersecurity threats emerged, often lack basic protections like encryption or access controls,\u201d Hexagon\u2019s Belal explains. \u201cThese vulnerabilities complicate patch management and make such equipment prime targets for attackers.\u201d<\/p>\n<p>Experts consulted by CSO highlighted several categories of threats faced by the industrial sector.<\/p>\n<h2 class=\"wp-block-heading\">1. Ransomware attacks<\/h2>\n<p><a href=\"https:\/\/www.csoonline.com\/article\/563507\/what-is-ransomware-how-it-works-and-how-to-remove-it.html\">Ransomware<\/a> remains one of the most severe threats facing the industrial sector today. 
Cybercriminals are employing advanced techniques such as double and triple extortion, in which organizations are threatened with the leak of portions of sensitive data.<\/p>\n<p>More than four in five (83%) manufacturing and utility firms were targeted by a ransomware attack in the past 12 months, according to a <a href=\"https:\/\/www.semperis.com\/ransomware-risk-report\/\">study by tech vendor Semperis<\/a>.<\/p>\n<p>The majority (77%) were targeted multiple times \u2014 some even four times or more. Semperis also reports that 26% of industrial sector ransomware targets had to take systems offline, leading to business disruptions, while 17% had to close the business temporarily.<\/p>\n<p>Moreover, 68% of victims paid a ransom, with two thirds of those having paid a ransom multiple times, according to Semperis\u2019 study.<\/p>\n<p>Out of 62 ransomware groups tracked by Cyfirma Research, <a href=\"https:\/\/www.cyfirma.com\/research\/cyfirma-industry-report-manufacturing-5\/\">39 (63%) targeted the manufacturing sector<\/a>. Ransomware groups such as BlackSuit, Meow, and <a href=\"https:\/\/www.csoonline.com\/article\/2121702\/emerging-ransomware-groups-on-the-rise-who-they-are-how-they-operate.html\">Play<\/a> showed a strong focus on the sector, according to Cyfirma, which adds that RansomHub is also active in targeting the sector.<\/p>\n<p>\u201cManufacturing is particularly hard-hit as attackers know any factory or plant can\u2019t afford to be down for long, so they demand two to four times the ransom than they might from other targets,\u201d says Julie Albright, COO at network discovery and asset inventory vendor runZero.<\/p>\n<h2 class=\"wp-block-heading\">2. 
Industrial control system attacks<\/h2>\n<p>Industrial control systems attacks are another growing concern, particularly given the integration of IT and OT networks.<\/p>\n<p>\u201cThese interconnected networks provide more entry points for cybercriminals and insider threats,\u201d says Jonathan Wright, director of products and operations at communication services provider GCX. \u201cOnce a threat actor gains access to one device or network segment, they can exploit the connected system to escalate their attacks.\u201d<\/p>\n<p><a href=\"https:\/\/www.csoonline.com\/article\/3595787\/ot-security-becoming-a-mainstream-concern.html\">IT\/OT convergence expands the attack surface<\/a>, making ICS environments more vulnerable to nation-state actors and advanced persistent threats.<\/p>\n<p>\u201cAttackers can exploit vulnerabilities in PLCs, SCADA systems, and HMIs [human-machine interfaces], potentially causing severe disruptions to critical infrastructure and endangering public safety,\u201d says Aron Brand, CTO of distributed cloud file storage firm Ctera. \u201cZero-trust architecture and robust network segmentation have become essential for limiting lateral movement within these environments, while AI-powered threat detection can help quickly identify and respond to malicious activities.\u201d<\/p>\n<p>Another industrial environment cyber risk comes from third-party service and support partners visiting industrial sites with their own laptops and removable media to update firmware on the ICS they manage.<\/p>\n<p>\u201cMalware hosted on media like USB drives can bypass traditional network-based security measures and move between IT and OT systems laterally,\u201d notes James Neilson, SVP international at cybersecurity vendor OPSWAT. \u201cSuch environments were not designed to detect IT malware, leaving them highly vulnerable when compromised via removable media.\u201d<\/p>\n<h2 class=\"wp-block-heading\">3. 
Supply chain risks<\/h2>\n<p>Manufacturing supply chains are highly interconnected, with multiple suppliers and third-party vendors contributing to production processes.<\/p>\n<p>\u201cAttackers are increasingly exploiting these relationships to launch supply chain attacks, targeting weak links to infiltrate OT systems,\u201d Carlos Buenano, CTO for OT at Armis, tells CSO. \u201cOnce inside, they can cause production delays, manipulate product quality, or steal intellectual property.\u201d<\/p>\n<p>Problems can arise due to a range of issues, including security vulnerabilities in critical software platforms, compromise from vendor support connections, or vendor software or hardware components compromised via an upstream attack.<\/p>\n<p>Between August and November 2024 alone, 174 high-scoring vulnerabilities related to manufacturing were identified, with four having known exploits requiring immediate attention, according to Cyfirma.<\/p>\n<p>Protecting against supply chain attacks requires not only securing one\u2019s own systems but also <a href=\"https:\/\/www.csoonline.com\/article\/574543\/5-major-risks-third-party-services-may-bring-along-with-them.html\">ensuring the security of all partners<\/a> within the supply chain. \u201cThis might involve conducting vendor risk assessments and implementing strong contractual requirements for cybersecurity,\u201d Armis\u2019 Buenano says.<\/p>\n<p>The software supply chain, with a heavy reliance on open-source code, also creates a potential security headache for industrial sector organizations.<\/p>\n<p>\u201cAccording to the 2024 Open Source Security and Risk Analysis report, 88% of all source code within manufacturing and robotic industry is open source code,\u201d says Aditi Gupta, principal security consultant at Black Duck. 
\u201cWith the heavy reliance on OSS, comes the issues associated with license cost, operational risks, and security vulnerabilities.\u201d<\/p>\n<p>Indirect risks, such as attacks on suppliers or logistical hubs, can also disrupt manufacturing operations. For instance, Japanese car maker Toyota <a href=\"https:\/\/www.reuters.com\/business\/autos-transportation\/what-happened-shut-down-toyotas-production-japan-2023-08-30\/\">suspended production at 14 assembly plants<\/a> in February 2022 following a suspected cyberattack on its supplier, Kojima Industries.<\/p>\n<h2 class=\"wp-block-heading\">4. IoT vulnerabilities<\/h2>\n<p>The proliferation of IoT devices in industrial settings has dramatically expanded manufacturers\u2019 attack surfaces.<\/p>\n<p>These devices, often deployed without robust security measures, can serve as entry points for cybercriminals to access core OT systems. For example, compromised IoT sensors, such as smart meters in a power grid, could disrupt monitoring and control functions, leading to major power outages.<\/p>\n<p>\u201cAs more businesses embrace smart technologies in manufacturing, new entry points for cybercriminals are opening up,\u201d says Steve Knibbs, director of Vodafone Business Security Enhanced. \u201cIoT devices, often shipped with default usernames and passwords or lacking strong encryption, can be exploited to access sensitive data, disrupt operations, or even tamper with production processes.\u201d<\/p>\n<p>Manufacturers must regularly update software to fix vulnerabilities, apply strict access controls, and ensure that strong, unique passwords and multifactor authentication are used across environments. Companies should also look to segment networks to keep IoT devices separate from critical systems while rolling out real-time monitoring to pick up any threats.<\/p>\n<h2 class=\"wp-block-heading\">5. 
Phishing<\/h2>\n<p><a href=\"https:\/\/www.csoonline.com\/article\/514515\/what-is-phishing-examples-types-and-techniques.html\">Phishing attacks<\/a> on the manufacturing industry rose more than 80% between September 2023 and September 2024, according to a <a href=\"https:\/\/abnormalsecurity.com\/blog\/manufacturing-industry-email-attack-trends\">study by Abnormal Security<\/a>.<\/p>\n<p>Business email compromise attacks targeting manufacturers have increased 56% year over year.<\/p>\n<p>Between September 2023 and September 2024, the number of vendor email compromise (VEC) attacks on manufacturers increased by 24%, Abnormal Security reports.<\/p>\n<p>Still, phishing is a cross-industry problem and other reports and experts we spoke to suggest manufacturing is less exposed than most.<\/p>\n<p>\u201cThe sector shows limited appeal for broad phishing campaigns due to low monetizable value, limited high-value data, and minimal PII repositories,\u201d Cyfirma reports.<\/p>\n<h2 class=\"wp-block-heading\">6. Regulatory pressures<\/h2>\n<p>Manufacturing subsectors such as automotive and electronics are increasingly reliant on automation and digitalization, and are facing more stringent cybersecurity regulation in the EU.<\/p>\n<p>\u201cRegulatory frameworks, such as the <a href=\"https:\/\/nis2directive.eu\/\">EU\u2019s NIS2 directive<\/a>, now designate certain manufacturing domains \u2014 computers, electronics, machinery, motor vehicles, and transportation \u2014 as critical sectors, subject to enhanced cybersecurity requirements,\u201d Hexagon\u2019s Belal explains.<\/p>\n<h2 class=\"wp-block-heading\">7. 
APT campaigns<\/h2>\n<p>Over the past year, nine out of 13 (69%) APT campaigns observed by Cyfirma targeted the manufacturing sector, peaking in September with sustained activity since, the company reports.<\/p>\n<p>Key threat actors running these attacks include Chinese groups, Russian groups (FIN7, Gamaredon), Pakistani APT36, Iranian Fox Kitten, and the North Korean Lazarus Group. Attacks impacted 15 countries with significant manufacturing economies, including the US, UK, Japan, Taiwan, and India, with increased activity in Vietnam.<\/p>\n<h2 class=\"wp-block-heading\">8. DDoS attacks<\/h2>\n<p>Netscout\u2019s <a href=\"https:\/\/www.netscout.com\/threatreport\/key-findings\/\">1H24 DDoS Threat Intelligence<\/a> report revealed that the manufacturing industry \u2014 and related sectors such as construction \u2014 are among the main targets for <a href=\"https:\/\/www.csoonline.com\/article\/571981\/ddos-attacks-definition-examples-and-techniques.html\">DDoS attacks<\/a> today.<\/p>\n<p>\u201cAs it continues to embrace digital technologies and extend its digital footprint, the manufacturing sector is becoming increasingly vulnerable to DDoS attacks,\u201d says Richard Hummel, threat intelligence lead for Netscout. \u201cIts vital contribution to the economy, along with its minimal tolerance for downtime and intricate digital landscapes, makes manufacturing \u2014 and related sectors \u2014 such an alluring target for threat actors.\u201d<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>The manufacturing sector\u2019s rapid digital transformation, complex supply chains, and reliance on third-party vendors make for a challenging cyber threat environment for CISOs. Manufacturers \u2014 often prime targets for state-sponsored malicious actors and ransomware gangs \u2014 face the difficult task of maintaining cost-effective operations while modernizing their network infrastructure. 
\u201cMany manufacturing systems rely on outdated [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":1114,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-1113","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/1113"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1113"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/1113\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/1114"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1113"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1113"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1113"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}