Manufacturing industry at high risk of cyberattacks

Written by NTN staff

The manufacturing industry exhibits higher-than-normal rates of cyberattack-related “reconnaissance and lateral movement activity” due to industrial IoT devices and Industry 4.0 initiatives.

The manufacturing industry has had a lower profile while cyberattacks against the retail, financial services and healthcare industries have made headlines, but intellectual property theft and business disruption are the primary reasons why manufacturers have become prime targets for cybercriminals, according to a specialist.

This is due to the rapid convergence of enterprise information technology and operational technology networks in manufacturing organisations.

As part of the key findings in the new 2018 Spotlight Report on Manufacturing, Vectra revealed that attackers who evade perimeter security can easily spy, spread and steal, unhindered because internal access controls are insufficient.

"The interconnectedness of Industry 4.0-driven operations, such as those that involve industrial control systems, along with the escalating deployment of industrial internet-of-things (IIoT) devices, has created a massive, attack surface for cybercriminals to exploit," said Chris Morales, head of security analytics at Vectra.

Other key findings in the Spotlight Report on Manufacturing include:
• A much higher volume of malicious internal behaviors, which is a strong indicator that attackers are already inside the network.
• An unusually high volume of reconnaissance behaviors, which is a strong indicator that attackers are mapping out manufacturing networks in search of critical assets.
• An abnormally high level of lateral movement, which is a strong indicator that the attack is proliferating inside the network.

The report is based on observations and data from the 2018 Black Hat Conference Edition of the Attacker Behavior Industry Report, which reveals attacker behaviors and trends in networks from over 250 opt-in enterprise organizations in manufacturing and eight other industries. From January through June 2018, the Cognito threat-detection and hunting platform from Vectra monitored network traffic and collected metadata from more than 4 million devices and workloads from customer cloud, data center and enterprise environments.