Cyber attacks against manufacturers rising, according to report

Cyber attacks against manufacturers are occurring more frequently, according to a report by NTT Security, and the level of sophistication is also increasing.

09/20/2017


Manufacturers are a key target for cyber attacks—and they are continuing to rise, according to research by NTT Security. In addition, the sophistication of cyber attacks continues to rise across all corners of the world, according to NTT Security's Q2 Threat Intelligence Report.

The following is the attack profile of the manufacturing industry: 

  • The manufacturing industry was the most heavily targeted industry during Q2 2017, accounting for 34% of attack activity.
  • The manufacturing industry was also heavily targeted throughout 2016, appearing in the "top three" in five of the six geographic regions. No other industry appeared in the top three more than twice
  • Fifty-eight percent of malware distribution in manufacturing environments was via web-based downloads.
  • Eighty-six percent of malware in the manufacturing industry were variants of Trojans and droppers.
  • Reconnaissance accounted for 33% of all activity aimed at manufacturing clients in Q2 2017.

Manufacturing recon

Analysis suggests cyber criminals used several different scanning tools such as ZmEu, Metasploit and Muieblackcat to scan public-facing systems. These tools come equipped with several plugins, allowing for even beginner cyber criminals to scan and find vulnerabilities in systems and applications.

PHP-based applications accounted for 75% of all reconnaissance efforts against the manufacturing industry, according to the report.

A majority of this traffic was via the use of ZmEu and Muieblackcat scanning tools, which scan for vulnerabilities in common PHP files and plugins behind web applications and content management systems (CMS) such as WordPress.

In 2016, WordFence1 conducted a survey which indicated roughly 56% of all hacked WordPress sites were compromised via exploited plugins. The phpMyAdmin plugin was developed to simplify database administration, is the front-end to MySQL databases, and a popular target to gain full access over a database. Although these scans are common, they can be effective if web applications, websites, etc. are not configured following best security practices. This becomes a larger issue if the website or web server being used in a manufacturing organization sets up the web server in a "security unaware" manner, or does not apply automatic updates potentially leaving the company or organization blind to its vulnerabilities, the report said.

Brute-forcing traffic accounted for 22% of all attacks against the manufacturing industry, the report said. NTT Security focused on the server/application targets of this traffic, discovering FTP servers were of highest interest at 64%, followed by HTTP (18%) and SSH (11%).

Download technique

In addition, NTT Security discovered 86% of malware in the manufacturing industry were Trojan/dropper variants, which his software or applications that drop additional malicious binaries whether they appear to be legitimate or not. NTT Security analyzed the distribution efforts for delivering malware to systems in the manufacturing industry. The most common technique used to distribute malware was drive by downloads

"Most manufacturing systems today were made to be productive—they were not made to be secure. Every manufacturer is at risk—it isn't a matter of if they will be targeted, it's a matter of when," Rebecca Taylor, senior vice president for NCMS, said in the report.

Intellectual property is at a premium, and in a market where fractions of market shares can mean millions—or billions—of dollars, competition is fierce. Industrial control systems (ICS) are often left unguarded, and worse yet, they are often built with little to no thought for security, sometimes making protection of the device itself impractical. There is a lack of investment in cybersecurity, as funds are being spent upgrading systems to be more productive or more efficient. In fact, almost half of top executives in manufacturing firms neither feel confident in their technology to protect their networks, nor do they feel they have adequate funding.

Perhaps the most influential of all trends results in one of the greatest emerging cyber threats to the manufacturing industry: Smart factories, the report said. Hoping to add efficiency, productivity, quality of products and flexibility to the process, connected—or "smart"—factories are expected to add $500 billion to the global economy in the next five years, adding yet another avenue for threat actors to target the manufacturing industry.

This connectivity is expected to drive a 27% increase in efficiency during that timeframe, and by the end of 2022, manufacturers expect that 21% of all factories will be fully connected. But all these additional tools, devices, and robots are redefining the attack surface in the manufacturing industry, the report found.

Vast attack surface

Despite the benefits of connected devices, this creates an environment with a continually broadening attack landscape due to endpoint expansion, the report said. As these devices multiply, they can become crucial access points for an attacker to infiltrate a network, or become pawns in a botnet or even be victims of ransomware themselves. Simply put, the more systems you have, the more likely it is that an attacker is going to find something in your environment.

NTT Security recommends manufacturing organizations consider the following preventive and mitigation strategies:

  • Educate users on identifying and avoiding phishing emails—particularly since employees are the most often targeted, and may be the first, or only, line of defense.
  • Ensure computers, network and other Internet-connected devices, particularly industrial control systems, are running the most current versions of operating systems and software. Please note that the most current software versions are typically the most secure, but this is not always the case.
  • In addition to outside actors, don't forget to secure against the rogue insider—someone trusted within your organization, who perhaps has "the keys to the kingdom."
  • Enforce "least privilege"—vary the level of individual access, granted based on specific user needs and scenarios.
  • To every practical extent, isolate sensitive systems and network functions. Group associated sensitive functions onto protected networks whenever possible, to include segmenting ICS from other network functions.
  • Industrial networks are often not well segmented between IT/OT, so an infection in the former can easily spread to the latter.
  • Let malware such as WannaCry serve as a recent lesson: Although the manufacturing industry seemed almost immune to WannaCry, many Microsoft Windows machines inside ICS environments are not fully patched, and are often running outdated, unsupported versions.

Gregory Hale is the editor and founder of Industrial Safety and Security Source (ISSSource.com), a news and information Website covering safety and security issues in the manufacturing automation sector. This content originally appeared on ISSSource.com. ISSSource is a CFE Media content partner. Edited by Chris Vavra, production editor, CFE Media, cvavra@cfemedia.com.

 

ONLINE extra

 

See related stories from ISSSource linked below.



The Engineers' Choice Awards highlight some of the best new control, instrumentation and automation products as chosen by Control Engineering subscribers. Vote now (if qualified)!
The System Integrator Giants program lists the top 100 system integrators among companies listed in CFE Media's Global System Integrator Database.
Each year, a panel of Control Engineering and Plant Engineering editors and industry expert judges select the System Integrator of the Year Award winners in three categories.
This eGuide illustrates solutions, applications and benefits of machine vision systems.
Learn how to increase device reliability in harsh environments and decrease unplanned system downtime.
This eGuide contains a series of articles and videos that considers theoretical and practical; immediate needs and a look into the future.
HMI effectiveness; Distributed I/O; Engineers' Choice Award finalists; System Integrator advice; Inside Machines
Women in engineering; Engineering Leaders Under 40; PID benefits and drawbacks; Ladder logic; Cloud computing
Robotic integration and cloud connections; SCADA and cybersecurity; Motor efficiency standards; Open- and closed-loop control; Augmented reality
Programmable logic controllers (PLCs) represent the logic (decision) part of the control loop of sense, decide, and actuate. As we know, PLCs aren’t the only option for making decisions in a control loop, but they are likely why you’re here.
This digital report explains how motion control advances and solutions can help with machine control, automated control on assembly lines, integration of robotics and automation, and machine safety.
This article collection contains several articles on how advancements in vision system designs, computing power, algorithms, optics, and communications are making machine vision more cost effective than ever before.

Find and connect with the most suitable service provider for your unique application. Start searching the Global System Integrator Database Now!

Control room technology innovation; Practical approaches to corrosion protection; Pipeline regulator revises quality programs
Cloud, mobility, and remote operations; SCADA and contextual mobility; Custom UPS empowering a secure pipeline
Infrastructure for natural gas expansion; Artificial lift methods; Disruptive technology and fugitive gas emissions
Automation Engineer; Wood Group
System Integrator; Cross Integrated Systems Group
Jose S. Vasquez, Jr.
Fire & Life Safety Engineer; Technip USA Inc.
This course focuses on climate analysis, appropriateness of cooling system selection, and combining cooling systems.
This course will help identify and reveal electrical hazards and identify the solutions to implementing and maintaining a safe work environment.
This course explains how maintaining power and communication systems through emergency power-generation systems is critical.
The Engineers' Choice Awards highlight some of the best new control, instrumentation and automation products as chosen by Control Engineering subscribers. Vote now (if qualified)!
The System Integrator Giants program lists the top 100 system integrators among companies listed in CFE Media's Global System Integrator Database.
Each year, a panel of Control Engineering and Plant Engineering editors and industry expert judges select the System Integrator of the Year Award winners in three categories.
This eGuide illustrates solutions, applications and benefits of machine vision systems.
Learn how to increase device reliability in harsh environments and decrease unplanned system downtime.
This eGuide contains a series of articles and videos that considers theoretical and practical; immediate needs and a look into the future.
HMI effectiveness; Distributed I/O; Engineers' Choice Award finalists; System Integrator advice; Inside Machines
Women in engineering; Engineering Leaders Under 40; PID benefits and drawbacks; Ladder logic; Cloud computing
Robotic integration and cloud connections; SCADA and cybersecurity; Motor efficiency standards; Open- and closed-loop control; Augmented reality
Programmable logic controllers (PLCs) represent the logic (decision) part of the control loop of sense, decide, and actuate. As we know, PLCs aren’t the only option for making decisions in a control loop, but they are likely why you’re here.
This digital report explains how motion control advances and solutions can help with machine control, automated control on assembly lines, integration of robotics and automation, and machine safety.
This article collection contains several articles on how advancements in vision system designs, computing power, algorithms, optics, and communications are making machine vision more cost effective than ever before.

Find and connect with the most suitable service provider for your unique application. Start searching the Global System Integrator Database Now!

Control room technology innovation; Practical approaches to corrosion protection; Pipeline regulator revises quality programs
Cloud, mobility, and remote operations; SCADA and contextual mobility; Custom UPS empowering a secure pipeline
Infrastructure for natural gas expansion; Artificial lift methods; Disruptive technology and fugitive gas emissions
Automation Engineer; Wood Group
System Integrator; Cross Integrated Systems Group
Jose S. Vasquez, Jr.
Fire & Life Safety Engineer; Technip USA Inc.
This course focuses on climate analysis, appropriateness of cooling system selection, and combining cooling systems.
This course will help identify and reveal electrical hazards and identify the solutions to implementing and maintaining a safe work environment.
This course explains how maintaining power and communication systems through emergency power-generation systems is critical.
The Engineers' Choice Awards highlight some of the best new control, instrumentation and automation products as chosen by Control Engineering subscribers. Vote now (if qualified)!
The System Integrator Giants program lists the top 100 system integrators among companies listed in CFE Media's Global System Integrator Database.
Each year, a panel of Control Engineering and Plant Engineering editors and industry expert judges select the System Integrator of the Year Award winners in three categories.
This eGuide illustrates solutions, applications and benefits of machine vision systems.
Learn how to increase device reliability in harsh environments and decrease unplanned system downtime.
This eGuide contains a series of articles and videos that considers theoretical and practical; immediate needs and a look into the future.
HMI effectiveness; Distributed I/O; Engineers' Choice Award finalists; System Integrator advice; Inside Machines
Women in engineering; Engineering Leaders Under 40; PID benefits and drawbacks; Ladder logic; Cloud computing
Robotic integration and cloud connections; SCADA and cybersecurity; Motor efficiency standards; Open- and closed-loop control; Augmented reality
Programmable logic controllers (PLCs) represent the logic (decision) part of the control loop of sense, decide, and actuate. As we know, PLCs aren’t the only option for making decisions in a control loop, but they are likely why you’re here.
This digital report explains how motion control advances and solutions can help with machine control, automated control on assembly lines, integration of robotics and automation, and machine safety.
This article collection contains several articles on how advancements in vision system designs, computing power, algorithms, optics, and communications are making machine vision more cost effective than ever before.

Find and connect with the most suitable service provider for your unique application. Start searching the Global System Integrator Database Now!

Control room technology innovation; Practical approaches to corrosion protection; Pipeline regulator revises quality programs
Cloud, mobility, and remote operations; SCADA and contextual mobility; Custom UPS empowering a secure pipeline
Infrastructure for natural gas expansion; Artificial lift methods; Disruptive technology and fugitive gas emissions
Automation Engineer; Wood Group
System Integrator; Cross Integrated Systems Group
Jose S. Vasquez, Jr.
Fire & Life Safety Engineer; Technip USA Inc.
This course focuses on climate analysis, appropriateness of cooling system selection, and combining cooling systems.
This course will help identify and reveal electrical hazards and identify the solutions to implementing and maintaining a safe work environment.
This course explains how maintaining power and communication systems through emergency power-generation systems is critical.
click me