Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

4/20/2016
04:45 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Manufacturers Suffer Increase In Cyberattacks

Cyberattacks on manufacturing companies on the rise as attackers attempt to steal valuable intellectual property and information.

The manufacturing sector is now one of the most frequently hacked industries, second only to healthcare, a new report says.

Healthcare, which has a wealth of exploitable information within electronic records, moved into the top spot of the rankings, replacing financial services, which dropped to third place in IBM X-Force Research’s new 2016 Cyber Security Intelligence Index. Manufacturing rose from third place in last year’s report, which offers a high-level overview of the major threats to IBM’s clients' businesses worldwide over the past year.

Manufacturing includes automotive, electronics, textile, and pharmaceutical companies. Automotive manufacturers were the top targeted manufacturing sub-industry, accounting for almost 30% of the total attacks against the manufacturing industry in 2015. Chemical manufacturers were the second-most targeted sub-industry in 2015, according to IBM.

Many attackers are financially motivated and therefore are more likely to go after corporate networks where they could steal potentially valuable intellectual property or sensitive information, says John Kuhn, senior threat researcher with IBM X-Force. 

Meanwhile, The 2016 Manufacturing Report by professional services firm Sikich also reports a rise in attacks on the manufacturing sector -- with theft of intellectual property as a primary motive.

“The FBI estimated that $400 billion of intellectual property is leaving the US each year because of cyberattacks” and nation-state actors and other adversaries are starting to target manufacturing companies for this information, says Brad Lutgen, a partner in Sikich’s compliance and security practice.

Many manufacturing companies are behind the curve in security because they have not been held to compliance standards like financial services has, with the Payment Card Industry Data Security Standards and The Gramm-Leach-Bliley Act, or in the case of the healthcare industry, with the Health Insurance Portability and Accountability Act, Lutgen says. “Because of that, they [manufacturers] tend to be a little laxer with security in terms of some other industry verticals.”

As a result, there is a lack of adoption of key information security practices that have become standardized procedures across most industry verticals, Lutgen says. For example, only 33% of survey respondents indicated that their organizations were performing annual penetration testing within their IT groups.

Heartbleed, SQL Injection Leading Forms Of Attack

Manufacturers appear to be vulnerable to older attacks, such as Heartbleed and Shellshock. SQL injection is another prominent form of attack being waged against manufacturers, IBM’s Kuhn says. “Those [types of attacks] happened in volume,” last year, he says. The Heartbleed bug is a serious vulnerability found in the OpenSSL cryptographic that allows attackers to eavesdrop on communications, steal data directly from the services and users, and to impersonate services and users.

Attackers also targeted manufacturing companies’ enterprise servers via spearphishing schemes to lure employees to malicious websites, Kuhn says.

Gain insight into the latest threats and emerging best practices for managing them. Attend the Security Track at Interop Las Vegas, May 2-6. Register now!

Manufacturing companies are starting to fortify their networks and corporate systems, Kuhn says, but their industrial control systems also pose a challenge. ICS systems might run a copy of Microsoft Windows or Unix that was issued ten years ago, so they can’t necessarily update it without the change causing an equipment failure, according to Kuhn. 

“When you talk about this industrial control space, it gets into a doomsday thing. It [an attack] might shut down a water plant or a nuclear plant. They are hard to defend,” Kuhn says. 

Take the proliferation of ransomware. What if it an attacker deploys ransomware to lock down manufacturing computers and says, “pay the ransom or you won’t be able to manufacture your products?” These are all things to consider, he says. “So there is a lot of work to do in the manufacturing industry to shore up their defenses for industrial control systems and corporate networks.”

Defensive Strategies

Sikich’s report offers manufacturers some advice about how to mitigate threats:

  • Conduct an annual IT risk assessment to properly understand where threats are originating from.
  • Perform annual penetration tests to simulate the threat of someone trying to break into your organization’s network.
  • Conduct ongoing vulnerability scanning throughout the year to help the organization stay up-to-date with new threats.

Related Content:

 

Rutrell Yasin has more than 30 years of experience writing about the application of information technology in business and government. He has witnessed all of the major transformations in computing over the last three decades, covering the rise, death, and resurrection of the ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Microsoft Patches Wormable RCE Vulns in Remote Desktop Services
Kelly Sheridan, Staff Editor, Dark Reading,  8/13/2019
The Mainframe Is Seeing a Resurgence. Is Security Keeping Pace?
Ray Overby, Co-Founder & President at Key Resources, Inc.,  8/15/2019
GitHub Named in Capital One Breach Lawsuit
Dark Reading Staff 8/14/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-15132
PUBLISHED: 2019-08-17
Zabbix through 4.4.0alpha1 allows User Enumeration. With login requests, it is possible to enumerate application usernames based on the variability of server responses (e.g., the "Login name or password is incorrect" and "No permissions for system access" messages, or just blocki...
CVE-2019-15133
PUBLISHED: 2019-08-17
In GIFLIB before 2019-02-16, a malformed GIF file triggers a divide-by-zero exception in the decoder function DGifSlurp in dgif_lib.c if the height field of the ImageSize data structure is equal to zero.
CVE-2019-15134
PUBLISHED: 2019-08-17
RIOT through 2019.07 contains a memory leak in the TCP implementation (gnrc_tcp), allowing an attacker to consume all memory available for network packets and thus effectively stopping all network threads from working. This is related to _receive in sys/net/gnrc/transport_layer/tcp/gnrc_tcp_eventloo...
CVE-2019-14937
PUBLISHED: 2019-08-17
REDCap before 9.3.0 allows time-based SQL injection in the edit calendar event via the cal_id parameter, such as cal_id=55 and sleep(3) to Calendar/calendar_popup_ajax.php. The attacker can obtain a user's login sessionid from the database, and then re-login into REDCap to compromise all data.
CVE-2019-13069
PUBLISHED: 2019-08-17
extenua SilverSHielD 6.x fails to secure its ProgramData folder, leading to a Local Privilege Escalation to SYSTEM. The attacker must replace SilverShield.config.sqlite with a version containing an additional user account, and then use SSH and port forwarding to reach a 127.0.0.1 service.