The manufacturing sector has suffered the highest percentage of cyberattacks of any sector for three years in a row, according to IBM’s latest X-Force Threat Intelligence Report. Of the top 10 attacked sectors, manufacturing suffered 25.7% of all attacks, followed by finance and insurance at 18.2%. The highest “action on objective”—meaning “the cyber attacker’s end goal”—was malware. Ransomware represented 17% of actions on objective.
The same report reveals that 85% of attacks on critical infrastructure could have been prevented with basic cybersecurity principles, such as multi-factor authentication, reducing privileges across accounts, and patching known vulnerabilities.
The increase in the percentage of manufacturing attacks might also be the result of a decrease in successful attacks against other sectors because they’ve beefed up their security while manufacturing lagged behind.
One thing is for sure: these cyber threats aren’t going away. In addition to its increased attack surface and lagging cybersecurity posture, the manufacturing sector is known for frequently paying ransom fees, making it even more appealing as a prime target.
Recent incidents show just how prevalent attacks on manufacturing and industrial control systems are becoming.
In 2023, the manufacturing and utilities sectors experienced 302 data breaches, causing $14.5 billion in financial losses. Two breaches alone resulted in over 70 million leaked records.
Here are the details of some recent high-profile hacks, including the attack vector used, what the hacker got away with, and the fallout of the attack:
The popular bleach manufacturing company disclosed a data breach in August 2023, then another later in September. The company indicated that the breach had resulted in “an elevated level of consumer product availability issues.”
Little information exists on how the attack was perpetrated, although one speculation is that it involved social engineering, followed by ransomware.
The operational impact of the attack resulted in hundreds of millions of dollars in lost revenue from productivity delays, which the company expected to continue through Q2 2024.
It doesn’t appear that the hacker got away with any data, but they did manage to bring systems down, which severely affected the company’s revenue and ability to deliver products to retailers such as Walmart and Target.
Applied Materials is a major semiconductor materials provider that suffered a supply chain hack when one of its suppliers—MKS Instruments Inc.—was hit with a data breach. Applied Materials announced that the breach would negatively impact the company’s revenue by $250 million.
The supply chain attack involved ransomware, but MKS’ announcement didn’t disclose how it was carried out or how much data or intellectual property was exfiltrated. However, it did disclose that the inability to process orders would result in approximately $200 million in lost revenue for MKS alone.
Food production company JBS was poorly protected and fell prey to a ransomware attack, forcing the company to pay $11 million in ransom fees. The attack was made possible after a security breach leaked several employee credentials to the dark web. The hackers then used these credentials to enter the network and steal data, which they threatened to publish if JBS didn’t pay them a ransom.
The hack lacked sophistication, which was an eye-opener because it highlighted the frailty in JBS’ security posture. A few months after the hack, the FBI issued a notice to inform the food manufacturing industry that cyberattacks were on the rise.
Because food and agriculture form such core elements of society, as do many manufacturing companies, these companies consider ransoms a cost of doing business and often pay them quickly to get up and running again.
When Toyota discovered malware and a threatening message on one of its servers in 2022, the company cut off production across 14 of its plants, reducing its global output by one-third. Toyota later discovered that one of its suppliers had been compromised.
The company provided little additional data about how the attack occurred or what its purpose was, but the attack resulted in a massive reduction in global output. Details later emerged showing that attackers were able to install a backdoor in a web app to carry out the attack.
Several other major manufacturing hacks have occurred where details are sparse. This is likely because companies typically report only the bare minimum of data breach details, just enough to satisfy regulation and compliance standards. News of data breaches can be catastrophic for revenue due to the reputational impact.
In Brunswick Corporation’s case, the company suffered a hack that forced it to halt production, resulting in losses of $85 million. Few other public details of the hack exist.
Simpson Manufacturing, a massive American producer of building and structural materials, announced in an SEC filing that it was hit by a hack but didn’t share any further information about the nature of the hack. The company had to take several systems offline while investigating.
High-profile manufacturing companies aren’t the only ones at risk of data breaches. The entire sector has several aspects that make it an attractive target for threat actors.
The manufacturing sector is renowned for its legacy technology. Massive operational technology (OT) systems are challenging to upgrade, and it’s causing a bottleneck.
Upgrading solutions from the ground up is often prohibitively costly and companies usually take a misguided “if it’s not broken, don’t fix it” approach. Not only is this a security issue, but it results in the loss of competitive advantages. When Netscape did this with its browser, it completely lost market share and became a relic of the Internet of the past.
However, as manufacturing companies continue running on outdated tech, they’re more and more vulnerable to attacks. This problem is exacerbated when it comes to end-of-life (EOL) IT, which refers to software or hardware that is no longer supported by the company that made it. In manufacturing and related critical sectors, replacing such EOL tools is typically a massive task, potentially leading to delays in carrying it out. Nonetheless, working with software or hardware that’s no longer supported is a huge security risk because fixes or patches for known vulnerabilities are not released.
As shown by the two high-profile hacks earlier, disrupted production is catastrophic for the manufacturing industry. For this reason, the manufacturing sector often pays ransoms, making it a highly attractive target for cybercriminals. When companies treat ransomware payments as just another expense, attackers are incentivized to target a willing industry.
Coupling the massive infrastructure of OT with the rapid pace of tech advances means that manufacturing companies often end up with a patchy infrastructure that lacks cohesion from a cybersecurity perspective. This makes it challenging to secure comprehensively.
While that’s problematic enough, manufacturing companies might also lack the necessary in-house expertise to properly structure their cybersecurity setup or address potential vulnerabilities, making them even more susceptible.
Manufacturing companies can’t afford to operate complacently on the subject of cybersecurity. Hackers have the manufacturing sector and its intellectual property in their crosshairs, and the stakes have reached monumental proportions. In 2021, the average ransom demand was nearly $22 million, and demands of $50 million have also been seen, specifically from the notorious hacker groups REvil and LockBit.
Manufacturing companies might feel overwhelmed regarding where to start, which is understandable. The most logical way to quickly get an effective cybersecurity solution up and running in a manufacturing context is to bring on a managed security service. Managed security does away with the need for a costly cybersecurity team. It also offers 24/7 service, while bringing in superior domain expertise at a fraction of the cost.
Cybersecurity is challenging enough in non-manufacturing contexts. It becomes additionally complex when dealing with so many legacy systems. A managed security provider such as SolCyber can advise you on the best way to move forward with a robust cybersecurity strategy.
From all appearances, cyberattacks will continue to increase in this sector. Investing in robust cybersecurity is no longer a choice, but a vital necessity.
To learn more about how SolCyber can help your manufacturing company improve its cyber-resilience, reach out to us for a discovery call.