Jun 17, 2021

Manufacturers are in the crosshairs of cybercriminals 


What You Can Do 

Earlier this year, Canadian aircraft manufacturer Bombardier announced they were a victim of a cyberattack. Industry Week’s report on the attack said, “This is not a broken record. This is not part of the script from the movie Groundhog Day. It is just the sad reality that cybersecurity attacks just keep coming. The threat landscape continues to evolve with hackers having access to far more sophisticated tools. Each time another breach impacts a manufacturer it clearly demonstrates just how much today’s hackers value having access to the mountains of data these companies possess.” Simply put, this summary captures the state of affairs for manufacturers: the bad actors have found them to be an easy target, ripe for exploitation.

A recent study by White Hat Security researchers found that, among all vertical industries, the manufacturing sector is highly vulnerable to cyberattacks. They found that 70% of software applications used by manufacturers had at least one serious vulnerability that was not fixed over the past 12 months. In another study, security firm Trend Micro found that of the 500 manufacturing sector employees surveyed in the U.S., Germany and Japan, 61% said they had experienced cybersecurity incidents, with many causing system outages.

In another case, a ransomware incident at a pair of manufacturing facilities in Italy temporarily shut down production for two days. The compromise began with a strain of ransomware called Cring being pushed while masquerading as an anti-virus update. Once on the network, the Cring ransomware was used to access the manufacturing equipment and bring it to a halt.

How did we get here? 

Internet of Things (IoT), Industrial IoT (IIoT) and Internet of Everything (IoE) catapulted the manufacturing sector into the Internet age, connecting anything and everything. IoT technologies helped retrofit industrial systems, manufacturing supply chains and processes with the much-needed hardware-software combination and, more importantly, the ability to easily manage everything through software.

Many networking companies created devices to translate industrial protocols such as Zigbee and SCADA to TCP/IP and connect the operational technology (OT) network to your corporate network and ultimately the Internet. Now these devices can talk to other devices and processes in other locations and other organizations within the supply chain. The entire supply chain and partner ecosystem became connected. One could say mission accomplished, but then, as is almost always the case, cybercriminals and bad actors looked to exploit vulnerabilities in these interconnected networks and cause harm.

While these technologies have delivered many significant benefits such as reduced costs and improved productivity, the urgency to hop on to the Internet has left many manufacturing companies vulnerable to attack. 

Key Lessons 

Learning from these and other incidents, certain key patterns have emerged. The attackers spent months understanding OT networks and the key people involved in order to gather their credentials. The initial compromise happens in the IT network, using known unpatched vulnerabilities on IT devices (in one case hackers leveraged old vulnerabilities in Fortinet’s VPN software) or common phishing techniques. Once on the internal network, they jump to the industrial OT network (the network that directly interacts with machinery) to carry out their actual attack.

How to Fix Top Vulnerabilities  

Researchers identified that the top vulnerabilities were information leakage, insufficient session expiration, cross-site scripting, insufficient transport layer protection, and content spoofing. With proper network security policies configured on the security devices, many of these vulnerabilities can be fixed. In a broader context, here are some simple actions that you can take.

  • Air-gap your IT and OT networks: Through network segmentation, separate the IT and OT networks and institute an independent set of access controls, so that if the IT network gets compromised, the OT network doesn’t automatically become vulnerable. This is referred to as air-gapping.
  • Keep your network devices in the IT and OT networks up to date: Install patches and upgrade software and hardware when provided by the vendors. It should be noted that the life cycle of network devices is much shorter than that of the equipment used in manufacturing companies, so top leadership might need a mindset change to react in a timely manner when allocating budgets to replace devices that have reached the end of their life cycle.
  • Audit and assess your security footprint: Due to the ever-changing nature of the threat landscape, security solution vendors keep bringing new innovations to market. These should be evaluated by the IT and security teams and implemented as needed. Frequent audits, such as defining security training efforts and checking your current strategy, must be done to assess the security footprint.
  • Build security awareness: Conduct security training for all employees. Awareness needs to be built to thwart social engineering attacks that could lead to a compromise. Certain key employees may need additional, specialized training, such as self-directed security diagnosis and deeper analysis of the interactions between machines and systems, because of the potential risk to the entire manufacturing facility if they get compromised.
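The five vulnerability classes named at the top of this section (information leakage, insufficient session expiration, cross-site scripting, insufficient transport layer protection, content spoofing) are mostly web application defects, so they are easiest to show at the HTTP layer. The following Python is an added example written for this post, not INTRUSION's code or any vendor's product: it audits a set of response headers for those classes, produces a hardened header set, and implements a session store with both idle and absolute timeouts. The header names are standard HTTP; the sample responses and timeout values are constructed for the example.

```python
"""Added example (not from the original post): audit HTTP response headers for
the five vulnerability classes named above, emit a hardened header set, and
enforce session expiration server-side. Sample values are constructed."""
import html
import secrets
from typing import Dict, List, Optional


def audit_headers(headers: Dict[str, str]) -> List[str]:
    """Return one finding per vulnerability class the response exhibits."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []
    # Information leakage: version banners tell an attacker what to look up.
    if "server" in h or "x-powered-by" in h:
        findings.append("information leakage: Server/X-Powered-By banner present")
    # Insufficient transport layer protection: no HSTS means plaintext downgrade is possible.
    if "strict-transport-security" not in h:
        findings.append("insufficient transport layer protection: no Strict-Transport-Security")
    # Cross-site scripting: a CSP limits where script may load from.
    if "content-security-policy" not in h:
        findings.append("cross-site scripting: no Content-Security-Policy")
    # Content spoofing: without nosniff, browsers may reinterpret uploaded content as HTML/script.
    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("content spoofing: X-Content-Type-Options is not nosniff")
    # Insufficient session expiration: a session cookie with no lifetime lives until the browser closes.
    cookie = h.get("set-cookie", "").lower()
    if cookie and "max-age" not in cookie and "expires" not in cookie:
        findings.append("insufficient session expiration: session cookie has no lifetime")
    return findings


def hardened_headers(session_token: str) -> Dict[str, str]:
    """A minimal header set that passes audit_headers(). Values are example policy."""
    return {
        "Content-Type": "text/html; charset=utf-8",
        "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
        "Content-Security-Policy": "default-src 'self'",
        "X-Content-Type-Options": "nosniff",
        "Set-Cookie": f"session={session_token}; Secure; HttpOnly; SameSite=Strict; Max-Age=900",
    }


def render_untrusted(value: str) -> str:
    """Escape user-controlled text before placing it in HTML (XSS mitigation)."""
    return html.escape(value, quote=True)


class SessionStore:
    """Server-side sessions with an idle timeout and an absolute lifetime.

    Cookie lifetimes alone are insufficient because the client controls them;
    the server must refuse a token once either limit is exceeded."""

    def __init__(self, idle_timeout: int = 900, absolute_timeout: int = 8 * 3600):
        self.idle_timeout = idle_timeout
        self.absolute_timeout = absolute_timeout
        self._sessions: Dict[str, dict] = {}

    def create(self, user: str, now: float) -> str:
        token = secrets.token_urlsafe(32)  # unguessable identifier
        self._sessions[token] = {"user": user, "created": now, "last_seen": now}
        return token

    def lookup(self, token: str, now: float) -> Optional[str]:
        """Return the user for a live session, or None (and drop it) if expired."""
        s = self._sessions.get(token)
        if s is None:
            return None
        if now - s["last_seen"] > self.idle_timeout or now - s["created"] > self.absolute_timeout:
            del self._sessions[token]
            return None
        s["last_seen"] = now
        return s["user"]


# Constructed sample: a leaky response as commonly seen on unmanaged appliances.
LEAKY_RESPONSE = {
    "Server": "Apache/2.4.29 (Ubuntu)",
    "Content-Type": "text/html",
    "Set-Cookie": "session=abc123; Path=/",
}

if __name__ == "__main__":
    for finding in audit_headers(LEAKY_RESPONSE):
        print("FINDING:", finding)
    print("hardened:", audit_headers(hardened_headers("example-token")) or "no findings")
```

The audit is deliberately header-only so it can be run against any HTTP service on the plant network from a scanner host; the session store shows the server-side half of "session expiration" that a cookie attribute cannot enforce on its own.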

How to Protect Your Network and Data 

Layered Defense: Of course, INTRUSION recommends a layered defense in all cases, including a rigid information security policy, boundary firewalls, and virus/malware protection on all hosts and servers. But company owners also need to rethink how to defend against what other solutions can’t, not just from the technology perspective but from the financial perspective.

Why INTRUSION Shield: All of the previously mentioned technologies operate on Layers 1, 3, and 4 of the OSI model or TCP/IP stack. However, most new malware, such as zero-day and file-less types, does not. Therefore, the typical aforementioned technologies do little to stop these new types of attacks. Second and most important, while these new types of malware live on your network patiently waiting, they must eventually call home for instructions on what to do next. Only INTRUSION’s Shield, using real-time Artificial Intelligence, inspects every inbound and outbound packet to and from your network and compares it to a live list of 5.1 Billion verified good IP addresses out of 8.5 Billion total IP addresses. If your data is destined to any other IP address or URL (website), Shield will automatically kill that attempted connection. The zero-day and file-less malware may be on your network, but unless it can talk to its home station for its next instructions, it is dead on arrival.
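Two of the controls described on this page can be expressed as a single policy over connection records: the IT/OT segmentation from the first bullet above (cross-zone traffic is blocked unless an explicit rule permits it) and the outbound allowlist idea in this section (a connection to a destination not on a verified-good list is killed, which is what starves malware of its call-home). The following Python is an added example written for this post, not INTRUSION Shield or any product code: zone addressing, the cross-zone rule, the allowlist and the log lines are all constructed placeholders, and the allowlist here is a tiny stand-in for the live list the post describes.

```python
"""Added example (not the post's or INTRUSION's code): evaluate constructed
connection records against an IT/OT segmentation policy and an outbound
allowlist of verified-good destinations. All addresses are assumed."""
import ipaddress
import re
from typing import List, Optional, Tuple, NamedTuple

# Assumed zone addressing for the example.
ZONES = {
    "IT": ipaddress.ip_network("10.10.0.0/16"),
    "OT": ipaddress.ip_network("10.20.0.0/16"),
}

# Explicit cross-zone exceptions: (source host, destination zone, TCP port).
# Assumed: one engineering workstation may reach the OT historian on 5432.
CROSS_ZONE_RULES = {
    (ipaddress.ip_address("10.10.5.7"), "OT", 5432),
}

# Constructed stand-in for a "verified good" destination list (documentation
# ranges). Anything on the Internet outside it is treated as unverified.
EGRESS_ALLOWLIST = [
    ipaddress.ip_network("203.0.113.0/24"),
    ipaddress.ip_network("198.51.100.10/32"),
]


class Flow(NamedTuple):
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    dport: int


# Constructed log format: "<timestamp> src=<ip> dst=<ip> dport=<port>".
LOG_RE = re.compile(r"src=(\S+)\s+dst=(\S+)\s+dport=(\d+)")


def parse_flow(line: str) -> Flow:
    m = LOG_RE.search(line)
    if m is None:
        raise ValueError(f"unparseable record: {line!r}")
    return Flow(ipaddress.ip_address(m.group(1)),
                ipaddress.ip_address(m.group(2)), int(m.group(3)))


def zone_of(ip: ipaddress.IPv4Address) -> Optional[str]:
    """Name of the internal zone containing ip, or None for the Internet."""
    for name, net in ZONES.items():
        if ip in net:
            return name
    return None


def evaluate(flow: Flow) -> Tuple[str, str]:
    """Return (verdict, reason). Default is deny for anything crossing a boundary."""
    src_zone, dst_zone = zone_of(flow.src), zone_of(flow.dst)
    if src_zone == "OT" and dst_zone is None:
        # Air-gapped OT must never talk to the Internet, allowlisted or not.
        return "block", "OT host attempting direct Internet access"
    if dst_zone is None:
        # Outbound from IT: only verified-good destinations; everything else is
        # a potential call-home and is killed.
        if any(flow.dst in net for net in EGRESS_ALLOWLIST):
            return "allow", "outbound to verified-good destination"
        return "block", "outbound to unverified destination (possible call-home)"
    if src_zone is None:
        return "block", "inbound from Internet to internal zone"
    if src_zone != dst_zone:
        if (flow.src, dst_zone, flow.dport) in CROSS_ZONE_RULES:
            return "allow", f"{src_zone}->{dst_zone} permitted by explicit rule"
        return "block", f"{src_zone}->{dst_zone} crosses segmentation boundary"
    return "allow", f"intra-{src_zone} traffic"


def evaluate_log(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Apply the policy to each record; returns (line, verdict, reason)."""
    return [(line, *evaluate(parse_flow(line))) for line in lines]


# Constructed sample records exercising each branch of the policy.
SAMPLE_LOG = [
    "2021-06-17T10:00:01 src=10.10.0.15 dst=203.0.113.5 dport=443",
    "2021-06-17T10:00:02 src=10.10.0.15 dst=192.0.2.77 dport=8443",
    "2021-06-17T10:00:03 src=10.10.5.7 dst=10.20.1.10 dport=5432",
    "2021-06-17T10:00:04 src=10.10.0.15 dst=10.20.1.10 dport=502",
    "2021-06-17T10:00:05 src=10.20.1.10 dst=192.0.2.77 dport=443",
]

if __name__ == "__main__":
    for line, verdict, reason in evaluate_log(SAMPLE_LOG):
        print(f"{verdict:5}  {reason:55}  {line}")
```

Running it over the sample shows the two failure modes the post is concerned with side by side: an IT workstation reaching an OT controller on port 502 without an approved rule, and a compromised host beaconing to an address that is not on the verified-good list. In production the allowlist would be a large, regularly refreshed dataset rather than two hard-coded networks.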

Sources: 

https://resources.trendmicro.com/Industrial-Cybersecurity-WP.html

https://www.industryweek.com/technology-and-iiot/article/21156122/bombardier-suffers-cyber-attack

https://www.whitehatsec.com/news/whitehat-security-introduces-appsec-stats-flash-a-modernized-approach-to-application-security-reporting/

https://www.fortinet.com/content/dam/fortinet/assets/threat-reports/threat-report-h1-2020.pdf

Ready to get protected?

INTRUSION Shield is inexpensive enough to be affordable to every business, large or small. For a small fee per seat, per month – with no annual contract and no hardware to buy – you can get immediate protection.
