It’s Hard To Stop Data Theft

Manufacturing is a particularly attractive mark for extortion-related cyberattacks because it has such a low tolerance for downtime.

Cybercriminals are increasingly targeting manufacturers with a dizzying range of weapons. At the top of the list is malicious software (malware), especially ransomware. 

For two years in a row, manufacturing has been the top ransomware target of cybercriminals, according to the IBM Security X-Force Threat Intelligence Index 2023. The Index noted that manufacturing is a particularly attractive mark for extortion-related attacks because it has such a low tolerance for downtime.

Sobering statistics in the annual report include how the average time to complete a ransomware attack has gone from two months to less than four days. The report also describes the double threat organizations face: Cybercriminals are constantly innovating their malware to avoid detection yet, thanks to gaps in legacy equipment security, older malware infections such as WannaCry (ransomware) and Conficker (a worm) continue to put operations technology at risk.

Ransomware, which is malware that encrypts files and requires payment for a decryption key, and worms, self-replicating malware that invades a network, are just two of the variants bundled under the malware umbrella. This threat also includes:

• Trojan horses which are disguised as legitimate software and, once installed, can steal sensitive information or give an attacker remote access.

• Spyware sits quietly in a computer system and steals personal information.

• Keyloggers, short for keystroke logging, track keystrokes on a computer, capturing data including passwords.

• Rootkits allow unauthorized users to gain access to a network without being detected and deliver administrator-level control over a device.

Upping the threat is the fact that malware is not just infecting computers and networks. It can infiltrate anything with a microprocessor, including an edge device in a manufacturing environment. Connectivity in today’s factories enables malware to spread faster.

Phishing emails remain malware creators’ tool of choice to deliver their payloads, with the IBM report linking phishing to 41% of incidents. But malware can also get into devices at the manufacturing stage, or somewhere between the manufacturer and the consumer. That makes supply-chain security crucial for stopping malware attacks.

In its report “Defending Against Software Supply Chain Attacks,” the National Institute of Standards and Technology detailed the issue and provided steps organizations can take to decrease such risks, including segmenting networks. Manufacturers also can counter attacks by training employees to recognize phishing emails and to not click on suspicious links. Strong passwords and regular software patching are also necessary.

USB ports can serve as paths for malware, so organizations should disable ports when possible and limit who can connect into their network that way. Multi-factor authentication, which requires at least two credentials, provides another safety net.

Preparation is key, experts say. The IBM report notes that while “attacks are inevitable, failure doesn’t have to be.” EP

Laura Élan is Senior Director of Cybersecurity for MxD Cyber: The National Center for Cybersecurity in Manufacturing, Chicago (mxdusa.org). Download the Playbook for CMMC 2.0 Level 1 here.