The manufacturing industry was the most targeted by cyberattacks in 2021

According to the IBM X-Force Threat Intelligence Index 2022, the manufacturing industry was the most targeted by cyberattacks in 2021. It overtook the financial sector, which was previously the most targeted: 23.2% of attacks concerned manufacturing.

It is important to mention that a quarter of the security incidents experienced by manufacturers involved ransomware. Manufacturers are therefore mainly attacked for financial reasons.

Here are some other numbers that come out of this study:

  • 21% of 2021 incidents involved ransomware
  • 41% of attacks exploited phishing as the initial attack vector
  • 33% of incidents exploited (very) recent security vulnerabilities in 2020 and 2021
  • 36% of IoT attacks were ransomware
  • 2204% increase in reconnaissance attacks against IoT

The most observed ransomware in 2021 were:

  • REvil (Sodinokibi): 37%
  • Ryuk: 13%
  • LockBit 2.0: 7%
  • Others: Conti 3%, BlackMatter 3%, etc.

The most exploited attack vectors in 2021 are as follows:

  • Phishing: 41%
  • Exploitation of security vulnerabilities: 33%
  • Use of stolen passwords: 9%
  • Brute force attack: 6%

In this article, we will cite the weaknesses that expose manufacturers to cyberattacks and make recommendations to protect against them.

Weakness 1: Heavy use of legacy systems

There are many outdated and unsupported systems in the manufacturing sector that hackers are aware of. It is common to see production lines or critical systems driven by applications running on old operating systems such as Windows 2000 or 2003, Windows NT 4 or Windows XP. It is impossible to install recent antivirus software on many of these systems, which makes them highly vulnerable to intrusions and ransomware.

Solution: Legacy systems are a reality in the manufacturing sector, and IT Directors and CISOs have to accept living with them. We recommend that you identify all legacy systems and isolate them physically or logically from the rest of the network. You should then implement strict security rules for traffic entering and leaving the legacy systems area and allow only strictly necessary communications.

One best practice that we highly recommend is to establish a Jumpoint server that requires MFA authentication. Only people connected to the Jumpoint can connect to the legacy servers. This approach severely limits the possibility of remote control of your legacy systems.
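As an added illustration (not code from the original article), the following Python sketch audits observed network flows against the isolation policy described above: inbound traffic to the legacy zone is accepted only from the jump server, and outbound traffic only to explicitly listed destinations. All addresses, ports and names are assumptions constructed for the example.

```python
import ipaddress

# Assumed addressing plan, constructed for this example.
LEGACY_ZONE = ipaddress.ip_network("10.50.0.0/24")
JUMP_SERVER = ipaddress.ip_address("10.10.0.5")      # MFA-protected jump server
ALLOWED_INBOUND = {("tcp", 3389), ("tcp", 22)}       # admin sessions only
ALLOWED_OUTBOUND = {(ipaddress.ip_address("10.10.0.20"), "tcp", 1433)}  # historian DB

def audit_flow(src, dst, proto, dport):
    """Return a violation reason, or None if the flow complies with the policy."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    src_in, dst_in = src in LEGACY_ZONE, dst in LEGACY_ZONE
    if src_in == dst_in:
        return None  # intra-zone or unrelated traffic is out of scope here
    if dst_in:
        if src != JUMP_SERVER:
            return "inbound connection bypasses the jump server"
        if (proto, dport) not in ALLOWED_INBOUND:
            return "inbound service is not on the allow-list"
        return None
    if (dst, proto, dport) not in ALLOWED_OUTBOUND:
        return "outbound destination is not on the allow-list"
    return None

def audit(flows):
    """Return (flow, reason) for every flow that violates the policy."""
    return [(f, r) for f in flows if (r := audit_flow(*f)) is not None]

# Constructed sample flows: (source, destination, protocol, destination port)
SAMPLE_FLOWS = [
    ("10.10.0.5", "10.50.0.11", "tcp", 3389),    # jump server -> legacy, allowed
    ("10.20.3.44", "10.50.0.11", "tcp", 3389),   # workstation straight to legacy
    ("10.10.0.5", "10.50.0.11", "tcp", 445),     # jump server, service not needed
    ("10.50.0.11", "10.10.0.20", "tcp", 1433),   # legacy -> historian, allowed
    ("10.50.0.12", "198.51.100.9", "tcp", 443),  # legacy host reaching the Internet
    ("10.20.3.44", "10.10.0.20", "tcp", 1433),   # does not touch the legacy zone
]

if __name__ == "__main__":
    for flow, reason in audit(SAMPLE_FLOWS):
        print(flow, "->", reason)
```
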

Weakness 2: Low visibility into manufacturing network security

Cybersecurity is not a common practice for many manufacturing organizations. Very few manufacturers use tools capable of detecting and alerting them to cyberattacks. We have seen many manufacturers get hacked via basic attacks that are very easy to detect. Brute force attacks, where the hacker tries several password combinations hoping to find one used in your network, are very common.

Solution: You need to deploy intrusion detection capabilities because you can't protect against what you can't see. To be consistently secure, it's important that you have 360-degree visibility into the attacks targeting you. To do this, you need to put your network under surveillance via an IDS/IPS/NDR such as StreamScan's CDS to detect and block malicious activity targeting you on a continuous basis.
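To show why brute force attempts are among the easiest attacks to detect, here is an added example (not part of the original article and not StreamScan's detection logic) that applies a sliding-window threshold to authentication attempts as a monitoring sensor might record them. The event format, threshold and sample data are assumptions constructed for the example.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 60   # assumed look-back window
MAX_FAILURES = 5      # assumed failures per source tolerated within the window

def detect_bruteforce(events, window=WINDOW_SECONDS, threshold=MAX_FAILURES):
    """events: (timestamp_seconds, source_ip, username, success) tuples.
    Returns alerts as (kind, source_ip, timestamp)."""
    recent = defaultdict(deque)   # source -> timestamps of recent failures
    flagged = set()               # sources that already crossed the threshold
    alerts = []
    for ts, src, _user, success in sorted(events, key=lambda e: e[0]):
        failures = recent[src]
        while failures and ts - failures[0] > window:
            failures.popleft()    # drop failures that fell out of the window
        if not success:
            failures.append(ts)
            if len(failures) >= threshold and src not in flagged:
                flagged.add(src)
                alerts.append(("bruteforce", src, ts))
        elif src in flagged:
            # A login that succeeds after a burst of failures needs urgent review.
            alerts.append(("success_after_bruteforce", src, ts))
    return alerts

# Constructed sample events.
SAMPLE_EVENTS = [
    (0, "203.0.113.7", "admin", False),
    (0, "10.10.0.8", "jdoe", False),       # ordinary typo by a real user
    (5, "203.0.113.7", "operator", False),
    (10, "203.0.113.7", "root", False),
    (15, "203.0.113.7", "scada", False),
    (20, "203.0.113.7", "admin", False),   # fifth failure within 60 seconds
    (25, "203.0.113.7", "admin", False),
    (30, "203.0.113.7", "admin", True),    # password guessed
    (100, "10.10.0.8", "jdoe", False),
    (110, "10.10.0.8", "jdoe", True),
]

if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_EVENTS):
        print(alert)
```
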

We do not recommend using a log management tool (SIEM) for primary security monitoring of manufacturing environments. This type of technology provides a limited view of network security. If you forget to install a SIEM agent on the systems, you will have no visibility into their security. IDS/IPS/NDR, on the other hand, automatically discovers all the machines on the network and analyzes their communications to determine if they are under attack or not.

Weakness 3: No network security monitoring

Networks are constantly under attack by bots that operate 24/7 and look for vulnerabilities to exploit in order to take control of networks. If your network security is not monitored or is only monitored during business hours, it is only a matter of time before it is hacked. Hackers attack 24/7, so you need to monitor their attacks 24/7 as well.

Solution: You need to set up a 24/7 network security monitoring team. This team should be able to analyze security events and alerts generated in your internal network, in the cloud and in O365 for example. This requires expertise and experience in operational cybersecurity. If you don't have it, definitely don't try to cobble it together. Cyberattacks are becoming increasingly complex and sophisticated, so the slightest misinterpretation of an alert can have significant negative impacts on the organization. Therefore, if you do not have in-house expertise, you can outsource the management of your network. For example, StreamScan's Managed Detection and Response (MDR) service allows SMBs to manage their network security at a fraction of the cost of setting up an internal monitoring team.

Weakness 4: Insecure IoT and operational technologies

Operational and industrial technologies (OT) and IoT devices are in permanent use in manufacturing environments. Once installed, they can operate for many years. It is important not to forget to update your security systems, as security vulnerabilities are constantly emerging. The more vulnerabilities there are, the more hackable they are! Unpatched, these vulnerabilities can be exploited to hack into IoT and OT devices and enter the organization's network. The consequences can be numerous, including production line shutdowns, ransomware, etc. In addition, the interconnection of IT and industrial systems (OT) for the transition to Industry 4.0 at some manufacturers increases security threats because OT systems are de facto exposed on the Internet (and therefore to cyberattacks).

According to the IBM study cited, reconnaissance attacks against IoT increased by 2204% in 2021! Hackers' strong interest in targeting IoT is therefore obvious.

Solution: It is essential to ensure that your IoT and OT devices are well secured. To do this, follow our recommendations for securing IoT/OT.

Weakness 5: Manufacturers' employees have low awareness of cybersecurity risks

Employee awareness is not a common practice among manufacturers. According to the IBM study cited above, 41% of incidents occurred via phishing. It is therefore clear that if employees are well aware of security risks, the incident rate will drop considerably.

Solution: We recommend that you set up an awareness program for your employees. Today, in order to be considered effective, awareness must be done on a monthly basis. It is also important to verify that the awareness program is effective by conducting regular phishing tests. Here are our recommendations for raising employee awareness.

Weakness 6: Due to the large impact on production lines, the likelihood of ransomware payments is high among manufacturers

The impact of cyberattacks, including ransomware, on manufacturers can be significant. Production line stoppages, the inability to take or deliver certain orders and more are examples. The negative impact on the organization's image and reputation is also a major consequence if the hack is publicized. Hackers know that production line downtime has serious consequences, and this puts manufacturers in a weak position in case of an attack. This is to the advantage of the hacker, who will take action to increase the amount of his ransom demand. He is aware that every minute spent costs the manufacturer a lot and he takes advantage of it.

Solution: Always be prepared and avoid being in a weak position when a hacker takes over your network or introduces ransomware. To do this, you should always back up your data in 3 copies: one kept internally, one externally (in the cloud, for example) and one offline. You should also regularly perform data recovery tests to ensure that the backups will be functional when needed. Finally, you should be prepared to manage security incidents effectively by following our security incident management recommendations.
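A recovery test can be automated by comparing each restored copy against a hash manifest taken from the production data. The sketch below is an added example, not part of the original article; the directory layout, file names and simulated faults are assumptions constructed for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path):
    """Hash a file in chunks so large backups do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_manifest(root):
    """Map each file's relative path to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def verify_restore(manifest, restored_root):
    """Compare a restored tree with the manifest of the original data."""
    restored = build_manifest(restored_root)
    missing = sorted(set(manifest) - set(restored))
    corrupted = sorted(k for k in manifest
                       if k in restored and manifest[k] != restored[k])
    return {"missing": missing, "corrupted": corrupted,
            "ok": not missing and not corrupted}

def demo():
    """Build constructed production data and three restored copies, two faulty."""
    files = {"recipes/line1.csv": b"temp=180\n", "plc/config.bin": b"\x01\x02\x03"}
    copies = ("internal", "cloud", "offline")
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        for tree in ("production",) + copies:
            for name, data in files.items():
                target = tmp / tree / name
                target.parent.mkdir(parents=True, exist_ok=True)
                target.write_bytes(data)
        (tmp / "cloud/plc/config.bin").write_bytes(b"\x00")  # silent corruption
        (tmp / "offline/recipes/line1.csv").unlink()          # incomplete restore
        manifest = build_manifest(tmp / "production")
        return {c: verify_restore(manifest, tmp / c) for c in copies}

if __name__ == "__main__":
    for copy, result in demo().items():
        print(copy, result)
```
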

Learn how our Monitored Detection and Response (MDR) service can protect your network

We're confident that after you see our MDR solution (powered by our CDS network monitoring technology) in action, you won't want to leave your network unprotected. That's why we're offering a free 30-day trial that includes:

  • An information session
  • CDS configuration
  • Free 30-day proof of concept
  • First month's activity report and recommendations

Email: Freetrial@streamscan.ai

Phone: 1-877-208-9040
