The manufacturing sector’s rapid digital transformation, complex supply chains, and reliance on third-party vendors make for a challenging cyber threat environment for CISOs.
Manufacturers, often prime targets for state-sponsored malicious actors and ransomware gangs, face the difficult task of maintaining cost-effective operations while modernizing their network infrastructure.
“Many manufacturing systems rely on outdated technology that lacks modern security measures, creating exploitable vulnerabilities,” says Paul Cragg, CTO at managed security services firm NormCyber. “This is exacerbated by the integration of industrial internet of things [IIoT] devices, which expand the attack surface.”
For example, many manufacturing organizations run outdated industrial control systems (ICS) that run antiquated software such as Embedded Windows XP, which no longer receives security patches. In addition, IoT, IIoT, operational technology (OT), and SCADA systems are often poorly supported by vendors because they are designed for operational capabilities rather than security.
A lack of awareness within the business of which assets may be externally or internet facing is also an issue for organizations in this sector. Poor patching practices and misconfigurations are other not infrequent sources of problems for manufacturing CISOs.
Syed M. Belal, global director of OT/ICS cybersecurity strategy and enablement for Hexagon’s Asset Lifecycle Intelligence division, tells CSO there are significant disparities in cybersecurity maturity across the sector.
“While industries like chemicals and semiconductors exhibit relatively higher cybersecurity maturity, others, such as food and beverage or textiles, lag significantly,” Belal says.
“Even within advanced sectors, inconsistencies persist across organizations.”
Operational technology systems, which may include complex robotics and automation components, are typically replaced far more slowly than components of IT networks, contributing to the growing security debt that many manufacturers carry.
“Legacy systems, designed before modern cybersecurity threats emerged, often lack basic protections like encryption or access controls,” Hexagon’s Belal explains. “These vulnerabilities complicate patch management and make such equipment prime targets for attackers.”
Experts consulted by CSO highlighted several categories of threats faced by the industrial sector.
1. Ransomware
Ransomware remains one of the most severe threats facing the industrial sector today. Cybercriminals are employing advanced techniques such as double and triple extortion, in which organizations are threatened with the leak of portions of sensitive data.
More than four in five (83%) manufacturing and utility firms were targeted by a ransomware attack in the past 12 months, according to a study by tech vendor Semperis.
The majority (77%) were targeted multiple times, some even four times or more. Semperis also reports that 26% of industrial sector ransomware targets had to take systems offline, leading to business disruptions, while 17% had to close the business temporarily.
Moreover, 68% of victims paid a ransom, with two thirds of those having paid a ransom multiple times, according to Semperis’ study.
Out of 62 ransomware groups tracked by Cyfirma Research, 39 (63%) targeted the manufacturing sector.
Ransomware groups such as BlackSuit, Meow, and Play showed a strong focus on the sector, according to Cyfirma, which adds that RansomHub is also active in targeting the sector.
“Manufacturing is particularly hard-hit as attackers know any factory or plant can’t afford to be down for long, so they demand two to four times the ransom than they might from other targets,” says Julie Albright, COO at network discovery and asset inventory vendor runZero.
2. Industrial control system attacks
Industrial control systems attacks are another growing concern, particularly given the integration of IT and OT networks.
“These interconnected networks provide more entry points for cybercriminals and insider threats,” says Jonathan Wright, director of products and operations at communication services provider GCX. “Once a threat actor gains access to one device or network segment, they can exploit the connected system to escalate their attacks.”
IT/OT convergence expands the attack surface, making ICS environments more vulnerable to nation-state actors and advanced persistent threats.
“Attackers can exploit vulnerabilities in PLCs, SCADA systems, and HMIs [human-machine interfaces], potentially causing severe disruptions to critical infrastructure and endangering public safety,” says Aron Brand, CTO of distributed cloud file storage firm Ctera. “Zero-trust architecture and robust network segmentation have become essential for limiting lateral movement within these environments, while AI-powered threat detection can help quickly identify and respond to malicious activities.”
Another industrial environment cyber risk comes from third-party service and support partners visiting industrial sites with their own laptops and removable media to update firmware on the ICS they manage.
“Malware hosted on media like USB drives can bypass traditional network-based security measures and move between IT and OT systems laterally,” notes James Neilson, SVP international at cybersecurity vendor OPSWAT. “Such environments were not designed to detect IT malware, leaving them highly vulnerable when compromised via removable media.”
3. Supply chain risks
Manufacturing supply chains are highly interconnected, with multiple suppliers and third-party vendors contributing to production processes.
“Attackers are increasingly exploiting these relationships to launch supply chain attacks, targeting weak links to infiltrate OT systems,” Carlos Buenano, CTO for OT at Armis, tells CSO. “Once inside, they can cause production delays, manipulate product quality, or steal intellectual property.”
Problems can arise due to a range of issues, including security vulnerabilities in critical software platforms, compromise from vendor support connections, or vendor software or hardware components compromised via an upstream attack.
Between August and November 2024 alone, 174 high-scoring vulnerabilities related to manufacturing were identified, with four having known exploits requiring immediate attention, according to Cyfirma.
Protecting against supply chain attacks requires not only securing one’s own systems but also ensuring the security of all partners within the supply chain. “This might involve conducting vendor risk assessments and implementing strong contractual requirements for cybersecurity,” Armis’ Buenano says.
The software supply chain, with a heavy reliance on open-source code, also creates a potential security headache for industrial sector organizations.
“According to the 2024 Open Source Security and Risk Analysis report, 88% of all source code within manufacturing and robotic industry is open source code,” says Aditi Gupta, principal security consultant at Black Duck. “With the heavy reliance on OSS, comes the issues associated with license cost, operational risks, and security vulnerabilities.”
Indirect risks, such as attacks on suppliers or logistical hubs, can also disrupt manufacturing operations. For instance, Japanese car maker Toyota suspended production at 14 assembly plants in February 2022 following a suspected cyberattack on its supplier, Kojima Industries.
4. IoT vulnerabilities
The proliferation of IoT devices in industrial settings has dramatically expanded manufacturers’ attack surfaces.
These devices, often deployed without robust security measures, can serve as entry points for cybercriminals to access core OT systems. For example, compromised IoT sensors, such as smart meters in a power grid, could disrupt monitoring and control functions, leading to major power outages.
“As more businesses embrace smart technologies in manufacturing, new entry points for cybercriminals are opening up,” says Steve Knibbs, director of Vodafone Business Security Enhanced. “IoT devices, often shipped with default usernames and passwords or lacking strong encryption, can be exploited to access sensitive data, disrupt operations, or even tamper with production processes.”
Manufacturers must regularly update software to fix vulnerabilities, apply strict access controls, and ensure that strong, unique passwords and multifactor authentication are used across environments. Companies should also look to segment networks to keep IoT devices separate from critical systems while rolling out real-time monitoring to pick up any threats.
5. Phishing
Phishing attacks on the manufacturing industry rose more than 80% between September 2023 and September 2024, according to a study by Abnormal Security.
Business email compromise attacks targeting manufacturers have increased 56% year over year.
Between September 2023 and September 2024, the number of vendor email compromise (VEC) attacks on manufacturers increased by 24%, Abnormal Security reports.
Still, phishing is a cross-industry problem and other reports and experts we spoke to suggest manufacturing is less exposed than most.
“The sector shows limited appeal for broad phishing campaigns due to low monetizable value, limited high-value data, and minimal PII repositories,” Cyfirma reports.
6. Regulatory pressures
Manufacturing subsectors such as automotive and electronics are increasingly reliant on automation and digitalization, and are facing more stringent cybersecurity regulation in the EU.
“Regulatory frameworks, such as the EU’s NIS2 directive, now designate certain manufacturing domains, computers, electronics, machinery, motor vehicles, and transportation, as critical sectors, subject to enhanced cybersecurity requirements,” Hexagon’s Belal explains.
7. APT campaigns
Over the past year, nine out of 13 (69%) APT campaigns observed by Cyfirma targeted the manufacturing sector, peaking in September with sustained activity since, the company reports.
Key threat actors running these attacks include Chinese groups, Russian groups (FIN7, Gamaredon), Pakistani APT36, Iranian Fox Kitten, and the North Korean Lazarus Group. Attacks impacted 15 countries with significant manufacturing economies, including the US, UK, Japan, Taiwan, and India, with increased activity in Vietnam.
8. DDoS attacks
Netscout’s 1H24 DDoS Threat Intelligence report revealed that the manufacturing industry, and related sectors such as construction, are among the main targets for DDoS attacks today.
“As it continues to embrace digital technologies and extend its digital footprint, the manufacturing sector is becoming increasingly vulnerable to DDoS attacks,” says Richard Hummel, threat intelligence lead for Netscout. “Its vital contribution to the economy, along with its minimal tolerance for downtime and intricate digital landscapes, makes manufacturing, and related sectors, such an alluring target for threat actors.”
First seen on csoonline.com
Jump to article: www.csoonline.com/article/3618133/8-biggest-cybersecurity-threats-manufacturers-face.html