Manufacturing is becoming a major target for ransomware attacks

A combination of the critical nature of manufacturing plants and security vulnerabilities mean hackers are eyeing up easy pay days - and attacks are on the rise.
Written by Danny Palmer, Senior Writer

Ransomware has become a major threat to the manufacturing industry as cyber-criminal groups increasingly take an interest in targeting the industrial control systems (ICS) that manage operations.

According to analysis by cybersecurity researchers at security company Dragos, the number of publicly recorded ransomware attacks against manufacturing has tripled in the last year alone.

While a lot of manufacturing relies on traditional IT, some elements of manufacturing relies on ICS when mass-producing products – and that's an area that several hacking groups are actively looking to target.

SEE: Network security policy (TechRepublic Premium)

That's potentially very troubling because the interconnected nature of the manufacturing supply chain means that if one factory gets taken down by a cyberattack, it could have wide-ranging consequences.

For example, if a manufacturing facility that mass produces medicines or other health products was hit by a ransomware attack, that could have knock-on impacts for the healthcare sector as a whole.

It's this level of threat that has led cybersecurity researchers at Dragos to describe ransomware with the ability to disrupt industrial processes as the "biggest threat" to manufacturing operations – and at least five hacking groups are actively targeting or demonstrating interest in manufacturing.

For cyber criminals, manufacturing makes a highly strategic target because in many cases these are operations that can't afford to be out of action for a long period of time, so they could be more likely to give in to the demands of the attackers and pay hundreds of thousands of dollars in bitcoin in exchange for getting the network back.

"Manufacturing requires significant uptime in order to meet production and any attack that causes downtime can cost a lot of money. Thus, they may be more inclined to pay attackers," Selena Larson, intelligence analyst for Dragos, told ZDNet.

"Additionally, manufacturing operations don't necessarily have the most robust cybersecurity operations and may make interesting targets of opportunity for adversaries," she added.

The nature of manufacturing means industrial and networking assets are often exposed to the internet, providing avenues for hacking groups and ransomware gangs to gain access to the network via remote access technology such as remote desktop protocol (RDP) and VPN services or vulnerabilities in unpatched systems.

As of October 2020, the company said there were at least 108 advisories containing 262 vulnerabilities impacting industrial equipment found in manufacturing environments during the course of this year alone, many of which potentially leave networks vulnerable to ransomware and other cyberattacks.

"Unfortunately, unpatched vulnerabilities that can enable initial access will always be an issue. Testing and applying patches as soon as practicable is very important for preventing exploitation," said Larson.

SEE: Cybersecurity: Let's get tactical (ZDNet/TechRepublic special feature) | Download the free PDF version (TechRepublic)

Cyber criminals are deploying ransomware because it's often the quickest and easiest way to make money from compromising a large network. But by gaining enough control of the network to deploy ransomware, hackers will often also be able to access intellectual property and sensitive data that also resides within the network.

That could potentially lead to hacking groups using ransomware as a smokescreen for cyberattacks designed to steal intellectual property, which could be extremely damaging to victims in the long run.

"Gaining visibility into the OT environment is very crucial – you can't protect what you don't know exists," said Larson.

That means taking steps such as conducting regular architecture reviews to identify assets, ensuring devices and services are kept up to date, and conducting "crown jewel analysis" to identify potential weaknesses that could disrupt business continuity.


Editorial standards