This article is part of our Essential Guide: Cyberthreats, cyber vulnerabilities, and how to fight back

Manufacturing a key target for cyber attacks

Manufacturers are a key and growing target for cyber criminals, a threat intelligence report reveals

Cyber attacks increased 24% globally during the second quarter of 2017 compared with the first three months of the year, with the manufacturing industry being the most heavily targeted.

This is one of the top findings of the latest quarterly threat intelligence report by NTT Security, an NTT Group company.

The overall increase in attacks is attributed to an increase in reconnaissance and phishing distribution efforts, as threat actors heavily focused on finding vulnerable public facing servers.

Additionally, the tactic of embedding malicious macros into documents sent via phishing emails regained popularity in the quarter, as evidenced by an increase in phishing campaigns.

Just over a third of all documented attacks in the second quarter targeted the manufacturing industry, with manufacturers appearing in the top three targets in five of six geographic regions throughout 2016. Manufacturing (34%) was followed by finance (25%) and health care (13%) as the most targeted sectors.

While not typically thought of as highly “attackable”, the report said manufacturing has been one of the most consistently attacked industries over the past few years.

The manufacturing industry is increasingly being targeted, the report said, as threat actors perceive the prospective gains in attacking networks in this industry.

Read more about threat intelligence

According to the US National Center for Manufacturing Sciences (NCMS), 39% of all cyber attacks in 2016 were against the manufacturing sector, up from 33% the year before, with breaches costing between $1m and $10m.

The report attributes the increase in cyber attacks targeting manufacturing to fierce competition in a sector where intellectual property is at a premium, to the fact that industrial control systems (ICS) are often left unguarded, to a lack of investment in cyber security due to a focus on productivity and efficiency.

The report highlights the fact that due to increased connectivity through the use of internet of things (IoT) devices, robotics and human-machine interfaces to improve automation and cut costs, there is an increasing attack surface in the industry.

The report also highlights that 21% of manufacturers have suffered a loss of intellectual property in cyber attacks, while more than 90% of material stolen by cyber spies has been classified secret or proprietary.

“Most manufacturing systems today were made to be productive – they were not made to be secure. Every manufacturer is at risk – it isn’t a matter of if they will be targeted, it’s a matter of when.” said Rebecca Taylor, senior vice president for NCMS.

Threats to the industry

In addition to potential threats unique to manufacturers, the industry also faces a variety of threats, prevalent across many industries, including insider and technical threats, the report said.

The top malware distribution method in manufacturing environments was via web-based downloads, accounting for 58% of malware in this sector, the report said.

Variants of trojans and droppers accounted for 86% of the malware in the manufacturing industry during the second quarter, with reconnaissance to scan for vulnerable systems and applications accounting for 33% of hacker activity in the sector, followed by brute-force attacks (22%) and malware (9%).

Vulnerabilities allowing code execution accounted for 73% of attacks globally during the quarter, affecting 15 industry sectors, with manufacturing and finance being the most affected.

“The report shows that hackers continue to target the manufacturing sector, which should be a red flag for CISOs across this market segment,” said Jon Heimerl, manager, Threat Intelligence Communication Team, NTT Security.

“The motivations for these attacks are often criminal in nature, including extortion via ransomware, industrial espionage, and theft of data such as account numbers,” he said.

Giving hackers free reign

When these breaches are successful, yet go undetected, Heimerl said they allow hackers to establish footholds in organisations’ networks where they have free reign to wreak havoc over extended periods.

“This is a problem if we consider that 37% of manufacturers recently surveyed indicated they do not have an incident response plan in place.

“This is very concerning as manufacturers’ IT security liabilities often impacted not just the manufacturing organisations, but suppliers, as well as related industries and consumers,” he said. 

Other findings in the report include that overall, cyber criminals appear to be using phishing emails with malicious attachments containing PowerShell commands in macros as a primary attack vector.

Just over two-thirds of all malware distribution in the second quarter was email-based, public-facing Microsoft SQL (MSSQL) servers were popular targets for brute-forcing.

More than one in five attacks across all industries were web application focused, followed by application specific (16%) and malware (12%) based attacks, while activity against Adobe Flash Player vulnerabilities accounted for 98% of all activity targeting Adobe products.

Read more on Hackers and cybercrime prevention