Vectra, a leading cybersecurity firm, recently offered a report showing that the manufacturing industry exhibits higher-than-normal rates of cyberattack-related activity. According to the company, this stems, in part, from the increased convergence of the information technology and operations technology networks in manufacturing organizations.
The report also revealed that attackers who can get past perimeter security can easily spy and steal due to insufficient internal security controls. Intellectual property theft and business disruption continue to be the primary reasons why manufacturers have become prime targets for cybercriminals. Other key findings include:
- A much higher volume of malicious internal behaviors, which is a strong indicator that attackers are already inside the network.
- More reconnaissance behaviors, which is a strong indicator that attackers are mapping out manufacturing networks in search of critical assets.
- An abnormally high level of lateral movement, which is a term used to describe how hackers progressively maneuver through a network as they search for key data and assets. This is a strong indicator that the attack is proliferating inside the network.
The report also included data from the 2018 Verizon Data Breach Industry Report, which looked at the intent and motives behind cyberattacks:
- 53 percent of breaches in the manufacturing sector were initiated by state-affiliated attackers. As manufacturing is closely related to the health of a nation’s economy, many nation-states want to give their companies an edge.
- 31 percent of manufacturing security breaches were classified as cyberespionage – the leading motive in such attacks.
- 53 percent of attempted attacks against the manufacturing industry had a financial motive, while 47 percent were motivated by espionage.
- The most common types of data stolen were personal (32 percent), industry secrets (30 percent) and network credentials (24 percent).
- At least one server was compromised in 58 percent of all manufacturing security breaches.
The monthly volume of attacker detections per 10,000 host devices in the manufacturing industry shows a much higher volume of malicious internal behaviors. These behaviors reflect the ease and speed with which attacks can proliferate inside manufacturing networks due to the large volume of unsecured IIoT devices and insufficient internal access controls.
The report suggests that many manufacturers simply do not invest heavily enough in security access controls. Once a network is compromised, hackers can interrupt and isolate manufacturing systems that are critical for lean production lines and digital supply chain processes.
Many factories connect IIoT devices to flat, unpartitioned networks that rely on communication with general computing devices and enterprise applications. In the past, manufacturers relied on more customized, proprietary protocols, which made mounting an attack more difficult for cybercriminals. The conversion from proprietary protocols to standard protocols makes it easier to infiltrate networks.
The Vectra report is based on observations and data from the 2018 Black Hat Conference Edition of the Attacker Behavior Industry Report, which reveals attacker behaviors and trends in networks from over 250 opt-in enterprise organizations in manufacturing and eight other industries. From January through June 2018, Vectra monitored network traffic and collected metadata from more than four million devices, as well as workloads from customer cloud, data center and enterprise environments.
The analysis of this metadata provides a better understanding of attacker behaviors and trends, as well as business risks. The Cognito platform from Vectra enables enterprises to automate the process of hunting for cyberattacks in real time via the use of artificial intelligence platforms. The non-stop, always-learning behavioral models work to find hidden and unknown attackers before they do damage. The platform also provides visibility into cyberattacker behaviors.