
                        Cyber Threats to the Manufacturing Industry

                        Written by Mission Secure


                        Threats to Physical Systems Continue to Increase in Sophistication and Volume

                        The manufacturing sector continues to be the most active battleground between threat actors and operational technology (OT) security teams.

                        According to IBM’s 2024 X-Force Threat Intelligence Index report, “Manufacturing was once again the top attacked industry in 2023 for the third year in a row.” According to the report, cyber attacks against manufacturers represent more than the attacks against the energy, healthcare, and transportation sectors combined.

                        Ransomware attacks against manufacturers continue to make headlines, including recent high-profile attacks against Clorox, Bridgestone, and Dole Foods. Even when ransomware attacks target a manufacturer's IT systems, the effects often spread to production systems, either by proliferating across network boundaries or by forcing operators to shut down physical systems as a precautionary measure. The cost of these OT shutdowns often far exceeds the cost of the ransom a manufacturer pays to regain access to its IT assets.

                        As serious as the threat of ransomware may be, direct attacks against OT systems represent an even bigger risk. By manipulating industrial processes, attackers can damage equipment, harm the environment, and put human lives at risk. While manufacturing may not receive the same level of regulatory attention as other critical sectors like energy, water, and transportation, recent history shows that the sector remains a primary focus for attackers.

                        Attack on Honda Facilities Shows Accelerating Threat to Manufacturers

                        The June 2020 cyber-attack against Honda was another sign that the capabilities of criminal cyber attackers continue to evolve and can become more dangerous to OT infrastructure.

                        As described in The New York Times, “...the attack appears to have been carried out by software designed to attack the control systems for a wide variety of industrial facilities like factories and power plants. Such cyberweapons previously were only known to have been used by state agents.”

                        Norsk Hydro Ransomware Attack Cost Millions

                        The 2019 LockerGoga ransomware attack against the Norwegian aluminum parts manufacturer Norsk Hydro is also a good example of the stakes. That attack cost the company $52 million in the first quarter of 2019. Norsk Hydro had to halt production temporarily, and one of its main production units was forced to unplug and shift to manual operations.

                        In some ways, Norsk Hydro was lucky. It was able to restore operations relatively quickly. But when a plant loses control of operational control systems, the results can quickly become catastrophic.

                        German Steel Plant Control Systems Attack

                        In 2014, a German steel plant was compromised, as confirmed by the Federal Office for Information Security (BSI) of the German government. The attack caused plant control systems to fail, which resulted in an inability to regulate or shut down the plant’s furnace. This led to significant, confirmed physical damage to the steel plant.

                        Ransomware, Phishing, SQL Injection and SCADA / ICS Attacks

                        LockerGoga has been particularly effective against industrial and manufacturing targets and has been successful against Altran Technologies, Hexion, and Momentive, as well as Norsk Hydro. Other ransomware prevalent in attacks against manufacturing facilities has included WannaCry, GandCrab, and BitPayment. The most common attacks against manufacturers, other than ransomware, were phishing attacks and SQL injection (SQLi) attacks. Not surprisingly, attackers also targeted known vulnerabilities within SCADA and ICS hardware components.

                        Underreporting of Cyber-Attacks in Manufacturing

                        While the number of documented attacks against manufacturers is disturbing, it is likely only a small percentage of total attacks against this sector. This is because manufacturers do not have as many compliance reporting requirements as some other industries and are often not legally required to disclose data breaches. This probably makes it look like manufacturers are attacked less often than they actually are.

                        Manufacturing Supply Chain Threats

                        Physical and financial attacks can be designed to disrupt internal systems as well as those in a manufacturer’s supply chain. Manufacturers with international supply chains, a much bigger group than it used to be, are particularly susceptible to business email compromise fraud, which is a type of man-in-the-middle attack. After company email servers or even just individual email accounts are compromised, attackers insert themselves into existing communication threads to divert money to accounts under their control.

                        The Microsoft Exchange email server vulnerability exploits in February 2021 are the most recent example of high-profile software supply chain attacks to breach manufacturing and other critical industry networks. These exploits were preceded in December 2020 by the SolarWinds software compromise that unfolded into a massive supply chain cyber-attack hitting various parts of the U.S. government and private sector industries worldwide.

                        In the future, we can expect more disruptive events that leverage ransomware and supply chain attacks. These will likely evolve into more sophisticated sequenced or staged events that can compromise the integrity of process data in such a way as to ensure more significant damage to physical systems. Attackers are working on removing or disabling process protection and safety systems within ICS networks to further these goals.

                        Organizations Targeting Attacks on ICS Systems

                        Numerous organized hacker groups are operating today. MITRE, which released a version of its ATT&CK framework for industrial control systems early in 2020, maintains a useful knowledge base cataloging attackers. MITRE ATT&CK for ICS is currently tracking ten publicly reported groups that are targeting ICS systems. These groups are Allanite, APT33, Dragonfly, Dragonfly 2.0, Hexane, Lazarus Group, Leafminer, OilRig, Sandworm, and Xenotime.

                        The depth and breadth of these threat actors is worrisome and helps explain the sophistication of current attack tools and techniques. Manufacturers are particularly vulnerable given the combination of vulnerable legacy equipment and the hyper-connectivity associated with much of the new technology that makes up Industry 4.0 strategies.

                        Next Steps to Consider

                        In response to this increased network connectivity and complexity, cybersecurity teams need to enhance both visibility and network segmentation capabilities across IT and OT infrastructure. Every effort should be made to quickly flag anomalous behavior and to segment networks so as to limit hackers’ ability to move laterally once inside the network, for example, from IT infrastructure into the manufacturing facilities and vice versa.
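
                        One way to flag traffic that crosses the IT/OT boundary outside approved conduits, as an added example that is not from the original article or from Mission Secure. The zone ranges, allowlist, ports, and flow records are constructed for illustration.

```python
import ipaddress

# Constructed zone map and allowlist; addresses and ports are illustrative.
ZONES = {
    "IT": ipaddress.ip_network("10.10.0.0/16"),
    "DMZ": ipaddress.ip_network("10.20.0.0/24"),
    "OT": ipaddress.ip_network("10.30.0.0/16"),
}
# Permitted cross-zone conduits: (source zone, destination zone, destination port).
ALLOWED = {
    ("IT", "DMZ", 443),    # IT users read the historian web UI
    ("DMZ", "OT", 4840),   # historian polls OT over OPC UA
}

def zone_of(ip):
    """Return the zone name containing ip, or 'UNKNOWN' for unmapped addresses."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "UNKNOWN"

def violations(flows):
    """Return flows that cross a zone boundary without an allowlisted conduit."""
    flagged = []
    for src, dst, dport in flows:
        sz, dz = zone_of(src), zone_of(dst)
        if sz == dz and sz != "UNKNOWN":
            continue  # intra-zone traffic is outside this check
        if (sz, dz, dport) not in ALLOWED:
            # Direct IT<->OT traffic in either direction bypasses the DMZ entirely.
            direct = {sz, dz} == {"IT", "OT"}
            flagged.append({"src": src, "dst": dst, "port": dport,
                            "path": f"{sz}->{dz}",
                            "severity": "high" if direct else "medium"})
    return flagged

# Constructed sample flow records: (source IP, destination IP, destination port).
SAMPLE_FLOWS = [
    ("10.10.4.21", "10.20.0.5", 443),    # allowed: IT -> DMZ
    ("10.20.0.5", "10.30.1.10", 4840),   # allowed: DMZ -> OT
    ("10.10.4.21", "10.30.1.10", 502),   # IT workstation talking Modbus to a PLC
    ("10.30.1.10", "10.10.9.9", 445),    # OT host reaching an IT file share
    ("10.20.0.5", "10.30.1.10", 3389),   # DMZ -> OT on a non-allowlisted port
    ("10.30.1.10", "10.30.1.11", 502),   # intra-OT, ignored
    ("203.0.113.7", "10.30.1.10", 502),  # unmapped source reaching OT
]
```

                        Feeding `violations()` with flow records exported from a firewall or network sensor gives a running list of segmentation gaps in both directions, IT to OT and OT to IT.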
