Manufacturers are in the crosshairs of cybercriminals

Intrusion Team
Jun 17, 2021

What You Can Do

Earlier this year, Canadian aircraft manufacturer Bombardier announced they were a victim of a cyberattack. Industry Week’s report on the attack said, “This is not a broken record. This is not part of the script from the movie Groundhog Day. It is just the sad reality that cybersecurity attacks just keep coming. The threat landscape continues to evolve with hackers having access to far more sophisticated tools. Each time another breach impacts a manufacturer it clearly demonstrates just how much today’s hackers value having access to the mountains of data these companies possess.” Simply put, that sums up the state of affairs for manufacturers. The bad actors have found them to be an easy target, ripe for exploitation.

A recent study by White Hat Security researchers found that, among all vertical industries, the manufacturing sector is highly vulnerable to cyber attacks. They found that 70% of software applications used by manufacturers had at least one serious vulnerability that was not fixed over the past 12 months. In another study, security firm Trend Micro found that of the 500 manufacturing sector employees surveyed in the U.S., Germany and Japan, 61% said they had experienced cybersecurity incidents, with many causing system outages.

In another case, a ransomware incident at a pair of manufacturing facilities in Italy temporarily shut down production for two days. The ransomware strain, called Cring, was delivered disguised as an anti-virus update to begin the compromise. Once on the network, the Cring ransomware was used to reach the manufacturing equipment and bring it to a halt.

How did we get here?

Internet of Things (IoT), Industrial IoT (IIoT) and Internet of Everything (IoE) catapulted the manufacturing sector into the Internet age, connecting anything and everything. IoT technologies helped retrofit industrial systems, manufacturing supply chains and processes with the much-needed hardware-software combo and, more importantly, the ability to easily manage everything through software.

Many networking companies created devices to translate industrial protocols (such as Zigbee and those used by SCADA systems) to TCP/IP and connect the operational technology (OT) network to your corporate network and ultimately the Internet. Now, these devices can talk to other devices and processes in other locations and other organizations within the supply chain. The entire supply chain and partner ecosystem became connected. One could say mission accomplished, but then, as is almost always the case, cybercriminals and bad actors looked to exploit vulnerabilities in these interconnected networks and cause harm.

While these technologies have delivered many significant benefits, such as reduced costs and improved productivity, the urgency to hop onto the Internet has left many manufacturing companies vulnerable to attack.

Key Lessons

Learning from these and other incidents, certain key patterns have emerged. The attackers spent months understanding OT networks and the key people involved in order to gather their credentials. The initial compromise happens in the IT network, using known unpatched vulnerabilities on IT devices (in one case hackers leveraged old vulnerabilities in Fortinet’s VPN software) or common phishing techniques. Once on the internal network, they jump to the industrial OT network, the network that directly interacts with machinery, to carry out their actual attack.

How to Fix Top Vulnerabilities

Researchers identified that the top vulnerabilities were information leakage, insufficient session expiration, cross-site scripting, insufficient transport layer protection, and content spoofing. With proper network security policies configured on the security devices, many of these vulnerabilities can be fixed. In a broader context, here are some simple actions that you can take.

  • Air-gap your IT and OT networks: Through network segmentation, separate the IT and OT networks, and institute an independent set of access controls so that if the IT network gets compromised, the OT network doesn’t automatically become vulnerable. This is referred to as air-gapping.
  • Keep your network devices in the IT and OT networks up to date: Install patches and upgrade software and hardware when provided by the vendors. It should be noted that the life cycle of network devices is much shorter than that of the equipment used in manufacturing companies. So, top leadership might need a mindset change to react in a timely manner when allocating budgets to replace devices that have reached the end of their life cycle.
  • Audit and assess your security footprint: Due to the ever-changing nature of the threat landscape, security solution vendors are bringing new innovations to market. These should be considered by the IT and security teams and implemented as needed. Frequent audits, such as defining security training efforts and checking your current strategy, must be done to assess the security footprint.
  • Build security awareness: Conduct security training for all employees. Awareness needs to be built to thwart social engineering attacks that could lead to a compromise. Certain key employees may need additional, specialized training, such as self-taught security diagnosis and new levels of analysis between machines and systems, because of the potential risk to the entire manufacturing facility if they get compromised.

How to Protect Your Network and Data

Layered Defense: Of course, INTRUSION recommends a layered defense in all cases, including implementing a rigid information security policy. This includes boundary firewalls and virus/malware protection on all hosts and servers. But company owners also need to rethink how to defend against what other solutions can’t, not just from the technology perspective but from the financial perspective.

Why INTRUSION Shield: All those previously mentioned technologies operate at Layers 1, 3, and 4 of the OSI model or TCP/IP stack. However, most new malware, such as zero-day and file-less types, does not. Therefore, the typical aforementioned technologies do little to stop these new types of attacks. Second and most important, while these new types of malware live on your network patiently waiting, they must eventually call home for instructions on what to do next. Only INTRUSION’s Shield, using real-time Artificial Intelligence, inspects every inbound and outbound packet to and from your network and compares it to a live list of 5.1 billion verified good IP addresses out of 8.5 billion total IP addresses. If your data is destined for any other IP address or URL (website), Shield will automatically kill that attempted connection. The zero-day and file-less malware may be on your network, but unless it can talk to its home station for its next instructions, it is dead on arrival.
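The two controls this post argues for, segmenting IT from OT (the action list above) and killing call-home traffic to destinations outside a verified-good list, as an added Python illustration that is not INTRUSION’s code: it evaluates constructed flow records against an assumed addressing plan, jump host, approved OT ports and external allow list, and reports which flows a defender would block and investigate.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing plan and allow list (assumptions, not from the article)
IT_NET = ip_network("10.10.0.0/16")
OT_NET = ip_network("10.20.0.0/16")
JUMP_HOST = ip_address("10.10.5.10")      # the only IT host permitted into OT
OT_ALLOWED_PORTS = {22, 502}              # SSH and Modbus/TCP from the jump host
GOOD_EXTERNAL = [ip_network("203.0.113.0/24"), ip_network("198.51.100.7/32")]

def verdict(src, dst, dport):
    """Return 'allow' or a 'block: ...' reason for one flow (src, dst, dest port)."""
    src, dst = ip_address(src), ip_address(dst)
    if src in IT_NET and dst in OT_NET:
        # Segmentation rule: IT reaches OT only via the jump host, on approved ports
        if src != JUMP_HOST:
            return "block: IT->OT lateral movement outside the jump host"
        if dport not in OT_ALLOWED_PORTS:
            return "block: jump host using a non-approved OT port"
        return "allow"
    if (src in IT_NET or src in OT_NET) and not (dst in IT_NET or dst in OT_NET):
        # Egress rule: outbound traffic only to verified-good destinations
        if any(dst in net for net in GOOD_EXTERNAL):
            return "allow"
        return "block: egress to unverified destination (possible call-home)"
    return "allow"

def check_flows(lines):
    """Parse constructed 'src dst dport' records; return (record, reason) for blocked flows."""
    blocked = []
    for line in lines:
        src, dst, dport = line.split()
        reason = verdict(src, dst, int(dport))
        if reason != "allow":
            blocked.append((line, reason))
    return blocked

# Constructed sample flow records
SAMPLE_FLOWS = [
    "10.10.7.23 10.20.1.5 502",     # IT workstation straight to a PLC
    "10.10.5.10 10.20.1.5 502",     # jump host to PLC over Modbus/TCP
    "10.10.5.10 10.20.1.5 3389",    # jump host to PLC over RDP
    "10.20.1.5 192.0.2.44 443",     # PLC calling an unverified external host
    "10.10.7.23 203.0.113.9 443",   # workstation to a verified-good address
]

if __name__ == "__main__":
    for record, reason in check_flows(SAMPLE_FLOWS):
        print(record, "->", reason)
```

Run against real flow or firewall logs, the same two rules would surface both the IT-to-OT hop described under Key Lessons and the beaconing that the paragraph above says malware must eventually attempt.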

Sources:

https://resources.trendmicro.com/Industrial-Cybersecurity-WP.html

https://www.industryweek.com/technology-and-iiot/article/21156122/bombardier-suffers-cyber-attack

https://www.whitehatsec.com/news/whitehat-security-introduces-appsec-stats-flash-a-modernized-approach-to-application-security-reporting/

https://www.fortinet.com/content/dam/fortinet/assets/threat-reports/threat-report-h1-2020.pdf

https://www.cyberscoop.com/fbi-darkside-colonial-pipeline-ransomware/
