Traditional industrial systems were managed and monitored manually. The need to scale services, Big Data, and smart analytics drove OT-IT convergence in industrial systems. Its significant advantage was simpler industrial processes and a unified view of machines, switches, sensors, and other system components. The downside is that these systems, now exposed to remote access and the Internet, are vulnerable to cyberattacks.
Research by Kaspersky ICS CERT found that nearly a fifth of the organizations affected by the 2020 SolarWinds incident were manufacturers.1
The security gaps with IT-OT convergence
Adopting Industry 4.0 brings a high level of automation, computer-integrated manufacturing, and collaboration capabilities that optimize OT and supply chains. With interconnected, IoT-driven OT and supply chains, cybercriminals target small and medium businesses (SMBs) as easy entry points into larger manufacturers’ networks. Legacy software on OT platforms and IoT devices, outdated vulnerability testing and incident response practices, and inadequate access control policies make manufacturers easy and lucrative targets.
In its 13th annual Data Breach Investigations Report, Verizon reports that financial motives drove 73% of cyberattacks against manufacturers, with industrial espionage accounting for most of the remainder.2
How Cyberattacks Impact Manufacturers
Cyberattacks invite legal and compliance investigations, often with hefty penalties and other undesired consequences. They can also cause unplanned outages in production and supply. One of the most infamous cyberattacks, NotPetya in 2017, hit some of the largest businesses worldwide and cost Merck, FedEx, Saint-Gobain, Maersk, and Mondelēz over $2 billion in damages.3
Cyberattacks affect manufacturers in the following ways:
Production downtime
Any compromise of mission-critical OT systems can hamper operations. Such production downtime cascades downstream and leads to further operational inefficiencies. In complex manufacturing systems, disrupting a single component can sometimes bring all operations to a grinding halt.
Loss of market share
Cyberattacks that steal pricing strategies and trade negotiation tactics can erase a competitive advantage. Failure to contain and recover from such attacks soon results in lost reputation and market share.
Harm to human health and damage to property
Manufacturing processes depend on the measurement and control of flow, humidity, light, pressure, proximity, sound, temperature, and vibration. Hijacked industrial control systems (ICS) and IoT devices can create hazardous conditions in manufacturing plants. Tampered and malfunctioning plant systems can also damage property and cause financial losses.
In 2017, the Triton malware was discovered in a petrochemical plant’s core operating network. It was designed to disable the safety instrumented systems that prevent catastrophic industrial accidents. The investigation revealed that the attackers had gained a foothold in the corporate IT network in 2014 and moved laterally into the core operating network, aided by misconfigured firewalls and unpatched vulnerabilities.4
Impaired business growth
Cyberattacks impair the growth of every manufacturing function they touch. Well-planned attacks that steal irreplaceable intellectual property (IP) or cause extensive damage can hamper growth temporarily or, at times, permanently.
4 Cyberattacks that Target Manufacturers
As modernized manufacturing systems become more connected, a growing attack surface exposes them to more vulnerabilities and attacks. Manufacturing was the second most attacked industry in 2020, up from eighth place in 2019.5
While manufacturers make giant leaps towards modernized manufacturing systems, here are the top four cyberattacks they must guard against:
1. Denial of service or DoS
DoS attacks flood target systems with traffic from public or private networks, with the intent of cutting them off from legitimate requests. Persistent DoS attacks quickly exhaust the target systems’ resources and network infrastructure, leading to unplanned production outages and disrupted supply chains.
In April 2013, a single source connected to the whole Internet, the roughly 3.7 billion connected computers and devices in factories, pockets, and offices worldwide. The scan revealed 114,000 Internet-reachable manufacturing control systems, up to 13,000 of which were not password-protected.6 A control system reachable from the Internet can be flooded by anyone, and that exposure is what makes DoS against production systems possible.
2. System privilege misuse
Insiders with access to critical systems can misuse their privileges to sabotage and bring down systems, steal essential data, or plant malware. Common catalysts for privilege misuse are excessive access privileges granted to insiders, unprotected OT environments, and unaudited user access to critical systems.
Privilege misuse can also happen without an insider’s knowledge. Weak credentials are easily guessed or cracked and then used to carry out attacks, and social engineering lets attackers steal passwords outright. The impact of privilege misuse ranges from stolen data to systems rendered inoperable for manufacturing and supply.
3. Malware
Malware is malicious software planted on target systems without detection. Attackers deliver it by exploiting software and browser vulnerabilities, by bundling it with other applications, or by other inconspicuous means. Malware is designed to block access to key system components, covertly exfiltrate essential data, or render the entire system inoperable.
Malware families that have hit manufacturers include WannaCry, BitPaymer, LockerGoga, Ryuk, and REvil, all of them ransomware.
4. Zero-day exploits
Zero-day exploits target software and network vulnerabilities for which no patch is yet available, often before the vendor even knows the flaw exists; the exposure lasts until a fix is released and actually deployed. They can be delivered through malware or by insiders. As OT platforms adopt more open-source and commodity software components, the pool of vulnerabilities open to zero-day exploitation in OT grows.
How to Reduce and Contain Cyberattacks
A novel approach to reducing and containing cyberattacks is to secure manufacturing systems with the Zero Trust architecture described in NIST SP 800-207. Zero Trust security does not implicitly trust any system component: applications, assets, or user accounts. The components are segmented, and every access between them is subject to attribute-based, software-defined policies, which shields the crown jewels from unauthorized access. When a security incident occurs, the segmentation and policies contain the infection and the crown jewels stay protected. This is in complete contrast to traditional security models that blindly trust everything inside the network perimeter.
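To make the segmentation-and-policy idea concrete, here is an added illustration of a default-deny, attribute-based access policy between OT segments. It is example code written for this page, not ColorTokens product code and not text from NIST SP 800-207; the segment names, asset attributes, ports and rules are constructed for the demo.

```python
"""Attribute-based segmentation policy, as a worked illustration of the
default-deny Zero Trust model described above.

Added example; not ColorTokens code and not text from NIST SP 800-207.
Segment names, asset attributes and rules are constructed for the demo."""

from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Asset:
    name: str
    segment: str        # network segment, e.g. "corp-it", "eng-dmz", "ot-cell-1"
    role: str           # function, e.g. "workstation", "historian", "plc"
    patched: bool = True
    mfa: bool = False   # is the session behind this asset backed by MFA?


@dataclass(frozen=True)
class Rule:
    src_segment: str
    dst_segment: str
    dst_role: str
    port: int
    require_mfa: bool = False
    require_patched: bool = False


# Explicit allowlist. Anything not matched below is denied (default deny);
# there is no "inside the perimeter" exception.
POLICY: List[Rule] = [
    # Engineering jump hosts may program PLCs over Modbus/TCP, but only from a
    # patched host whose session is MFA-backed.
    Rule("eng-dmz", "ot-cell-1", "plc", 502, require_mfa=True, require_patched=True),
    # PLCs in the cell may write telemetry to the cell historian.
    Rule("ot-cell-1", "ot-cell-1", "historian", 1433),
]


def is_allowed(src: Asset, dst: Asset, port: int) -> Tuple[bool, str]:
    """Evaluate one access request against the allowlist."""
    for rule in POLICY:
        if (rule.src_segment, rule.dst_segment, rule.dst_role, rule.port) != (
            src.segment, dst.segment, dst.role, port
        ):
            continue
        if rule.require_mfa and not src.mfa:
            return False, "deny: rule requires MFA"
        if rule.require_patched and not src.patched:
            return False, "deny: rule requires a patched source"
        return True, "allow: matched rule"
    return False, "deny: no matching rule (default deny)"


def lateral_reach(compromised: Asset, assets: List[Asset], port: int) -> List[str]:
    """Names of the assets a compromised host could reach on `port`."""
    return [
        a.name for a in assets
        if a is not compromised and is_allowed(compromised, a, port)[0]
    ]


# Constructed inventory for the demo.
HR_WS = Asset("hr-ws-17", "corp-it", "workstation")
ENG_WS = Asset("eng-jump-01", "eng-dmz", "workstation", patched=True, mfa=True)
ENG_WS_NO_MFA = Asset("eng-jump-02", "eng-dmz", "workstation", patched=True, mfa=False)
PLC = Asset("plc-line-a", "ot-cell-1", "plc")
HISTORIAN = Asset("hist-cell-1", "ot-cell-1", "historian")
ASSETS = [HR_WS, ENG_WS, ENG_WS_NO_MFA, PLC, HISTORIAN]


if __name__ == "__main__":
    # A phished HR workstation reaches no PLC: the incident stays in corp-it.
    print("hr-ws-17 can reach on 502:", lateral_reach(HR_WS, ASSETS, 502))
    print("eng-jump-01 -> plc-line-a:", is_allowed(ENG_WS, PLC, 502))
    print("eng-jump-02 -> plc-line-a:", is_allowed(ENG_WS_NO_MFA, PLC, 502))
```

The point of the allowlist shape is that a compromised corporate host has no path to the PLC even though it sits "inside" the network, and an engineering host loses its path the moment its attributes (patch state, MFA) stop matching. In a real deployment the same rules are enforced by host agents or segment firewalls rather than evaluated in Python, and the attribute values come from the asset inventory and identity provider.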
ColorTokens Xtended ZeroTrust™ Platform is a Zero Trust-based solution that protects vital manufacturing systems by vastly reducing their attack surface and by containing, and in most cases preventing, breaches and attacks. The platform detects new and evolving threats, addresses manufacturers’ compliance requirements, and protects vital OT systems by simplifying the security of complex OT environments. Its versatility and intuitive UI empower IT security teams to strengthen their OT defenses.
Read our solution brief for the manufacturing sector here.