Manufacturing sector seeing increased hacker snooping
Vectra report warns increased cyber-reconnaissance and lateral movement as hackers turn attention to manufacturing
The manufacturing industry appears to be the next target for hackers, according to a report from Vectra.
The AI-powered threat detection specialist said that the manufacturing industry exhibits higher-than-normal rates of cyberattack-related reconnaissance and lateral movement activity. This is due to the rapid convergence of enterprise information technology and operational technology networks in manufacturing organisations.
Vectra’s Attacker Behaviour Industry Report studies attacker behaviours and trends in networks from over 250 opt-in enterprise organisations in manufacturing and eight other industries. The latest report was compiled based on metadata from over 4 million devices and workloads from Vectra customer cloud, data centre and enterprise environments for the first six months of the year.
As part of key findings in the new 2018 Spotlight Report on Manufacturing, Vectra revealed that attackers who evade perimeter security can easily spy, spread and steal, unhindered by insufficient internal access controls.
The manufacturing industry has had a lower profile for cyberattacks compared to the retail, financial services and healthcare industries. However, intellectual property theft and business disruption are primary reasons why manufacturers have become prime targets for cybercriminals.
“Recent reports about nation-state cyberattacks against US utility control systems show that cybercriminals are intent on surreptitiously taking inventory of critical industrial assets and intellectual property to disrupt manufacturing business operations,” said Vikrant Gandhi, industry director at the analyst firm Frost and Sullivan.
Other key findings in the Spotlight Report on Manufacturing from Vectra include a much higher volume of malicious internal behaviours, which is a strong indicator that attackers are already inside the network; an unusually high volume of reconnaissance behaviors, which is a strong indicator that attackers are mapping out manufacturing networks in search of critical assets; an abnormally high level of lateral movement, which is a strong indicator that the attack is proliferating inside the network.
“The increase in industrial IoT devices exponentially increases the attack surface for manufacturers,” said Jürg Affolter, CIO at Brugg Cables. “Implementing continuous monitoring of the internal network for attacker behaviours as well as additional access controls are important since an agent-based solution isn’t possible for industrial IoT devices.”
“The interconnectedness of Industry 4.0-driven operations, such as those that involve industrial control systems, along with the escalating deployment of industrial internet-of-things (IIoT) devices, has created a massive, attack surface for cybercriminals to exploit,” said Chris Morales, head of security analytics at Vectra.