Manufacturing organizations have increasingly been singled out in high-profile ransomware attacks, zero-day vulnerabilities and supply chain compromises. This must force them to prioritize threats, in order to save costs and time and, ultimately, to avoid becoming the next high-profile victim of a breach, according to Mike Mclellan, SecureWorks’ director of intelligence.
Speaking at the ManuSec Europe 2021 virtual event, Mclellan said that the unique challenges identified in the manufacturing sector are safety, uptime and an extended perimeter. “The overriding importance of safety, making sure that systems and processes are working as designed, the staff are safe and the processes are complying with the relevant safety restrictions,” he added.
The ManuSec Europe 2021 event aimed to explore the various strategies and best practices that help deliver cybersecurity to critical manufacturers. It sought to protect industrial networks, promote organizational alignment in support of IT/OT convergence, and establish a roadmap for the cybersecurity of safety-critical systems that defines the practical steps needed to protect their key assets from cyber threats.
“Uptime or availability is very easy normally for manufacturing organizations to quantify the impact of an hour, a day, a week of downtime,” Mclellan said. “So availability of some of your core production environments is absolutely important, and again any attack that jeopardizes that availability is going to really cause problems to manufacturing organizations.”
The manufacturing sector is known to operate with an extended perimeter and geographically distributed operations. “So you probably have got factories in countries you would rather not be in, but for various reasons such as supply of components and costs, whatever maybe, you are operating in these environments. It can make it quite hard to secure the physical premises, but also the IT premises as well,” Mclellan said.
Manufacturing enterprises are usually threatened by ransomware, business email compromise (BEC), worms, targeted attacks, and resource exhaustion (or consumption).
Ransomware is the most significant threat affecting manufacturing customers at the moment. It is an opportunistic threat that affects a lot of organizations in other verticals as well. “But, manufacturing in particular is being hit hard by this threat. Criminals have realized that if you can disrupt a manufacturing organization, you have got a good chance to get a payout, and that is ultimately what they are after,” Mclellan said.
Recent ransomware attacks on manufacturing organizations include the attack on WestRock Company’s mills and converting locations, which impacted the company’s production and led to shipments from some of its facilities lagging behind production levels. In March, Sierra Wireless halted production at its manufacturing sites after the company was hit by a ransomware attack on its internal IT systems on Mar. 20. The company’s website and other internal operations were also disrupted by the attack.
Commenting on the recent Colonial Pipeline incident that involved the DarkSide ransomware, Mclellan said that the impact was much greater than the threat actor actually intended. “So ransomware operators are typically not looking to create national level incidents. They are looking to make as much money as they can from as many victims as they can, but try and stay under the radar in terms of law enforcement agencies.”
Another opportunistic threat that Mclellan raised was business email compromise. “So compromise a financial transaction by hacking into someone’s email inbox, change the payment details and cause the money for that transaction to be paid into a criminal controlled bank account. Again, not specific to manufacturing, but it’s definitely impacting all organizations in the vertical, and something you should be definitely thinking about,” he added.
Worms can include malware that can have a devastating impact on the manufacturing environment. Targeted attacks come from a “number of state sponsored threat actors, who are specifically after manufacturing because they are interested in intellectual property theft.”
Countering cybersecurity risks in manufacturing organizations requires a clear understanding of the threat landscape, an ability to translate that into business risks, and knowledge of the extent to which the organization’s existing security controls sufficiently mitigate that risk, he added.