Manufacturing

(12) attackers

Understanding the cyber threat:

The manufacturing sector, due to the nature of its activities, long stayed on the sidelines of computer systems protection. The reason for this is twofold: first, manufacturing companies were long able to operate disconnected from the Internet, and second, the general perception was that hackers were not interested in the information and assets owned by manufacturing organizations. The emergence of Industry 4.0 and the need for manufacturing companies to connect their industrial control systems (ICS) to the Internet have challenged this paradigm. Network protection is therefore a new concern for these companies, and they lag behind other sectors in addressing it. This multiplies the opportunities for intrusion by malicious actors, who can leverage intellectual property (IP) assets in order to generate income.

The manufacturing sector was particularly affected by the global COVID-19 pandemic and continues its rise among the sectors most affected by cyberattacks. According to the 2021 Global Threat Intelligence Report (GTIR), the sector has become the second most impacted by cyberattacks, behind finance and insurance, with a rise of 300% in a year (2020 to 2021). A study conducted by Deloitte also shows that nearly 40% of manufacturing companies have suffered a cyberattack this year and that, among these companies, 38% have experienced a loss of over 1 million dollars. Critical manufacturing firms involved in the vaccine cold chain were targeted by a phishing campaign in a larger effort to gain access to sensitive information pertaining to the COVID-19 vaccine.

Phishing and ransomware seem to be the most common types of threats targeting companies operating in the manufacturing sector. Phishing techniques (which represent 75.4% of social engineering attacks conducted against this sector) are the most common vector used to gain initial access, along with the use of stolen credentials. The sector's lack of preparation explains its vulnerability to phishing attacks. Ransomware operators, and more broadly cyber-extortion actors, heavily target manufacturing companies. Figures show that 92% of the attackers targeting the sector are financially motivated. Manufacturing companies have a particular incentive to pay large ransoms insofar as downtime would be detrimental to their activity. As a result, the cost-effective option is often the payment of the ransom. In 2021, the manufacturing industry was the sector most represented among cyber-extortion victims, with more than 350 enterprises in the ransomware leaks for the year.

Thales: Cyber Threats in Manufacturing

  • Manufacturing ranks 5th among sectors with the highest risk of internal threat. Employees working in the sector are often untrained and thus considered weak links that can be leveraged by hackers. Malicious insiders are also common in manufacturing organizations, whether they are pursuing a financial or a personal objective.

  • Manufacturing companies represent 22% of cyber espionage victims according to Verizon. This figure demonstrates the importance of intellectual property as a valuable asset that can be leveraged by cyber attackers.

On June 1, 2021, the meat supplier JBS fell victim to a cyberattack by the group REvil that affected the company’s production activities in several countries. The attack paralyzed servers, leading to the suspension of production lines, particularly in Australia and the United States, where several slaughterhouses suspended their activities. This attack is a landmark for the manufacturing industry, as JBS supplies almost a quarter of the world’s meat. The incident resulted in an $11 million ransom being paid to REvil’s operators.

The critical manufacturing sector is particularly at risk of being targeted by malicious actors. In December 2021, CISA released a report tackling the issue and providing insights on the evolution of the cyber threat for this sector. In particular, CISA has identified vulnerabilities in ICS (Industrial Control Systems) that are even more crucial with the COVID pandemic forcing companies to adapt to remote working. Managing cybersecurity risks has become more complex, as companies are encouraged to resort to process automation. ICS play a key role in securing critical infrastructure, notably with regard to energy-related infrastructure.


ATK41

> Alias

APT 10

APT10

...

> Suspected origin countries

China

> Suspected targeted countries

Belgium

China

...

> Target sectors

Aerospace

Defense

...

> Motivations

Espionage

ATK73

> Alias

Professional Adversarial Threat Group

TAG-CR4

...

> Suspected origin countries

United States

United Kingdom

...

> Suspected targeted countries

United Kingdom Of Great Britain And Northern Ireland

United States Of America

> Target sectors

Casino & Gaming

Education

...

> Motivations

Financial Gain

ATK117

> Alias

APT 38

APT38

...

> Suspected origin countries

North Korea

> Suspected targeted countries

Bangladesh

Brazil

...

> Target sectors

Aerospace

Energy

...

> Motivations

Financial Gain

ATK3

> Alias

COVELLITE

Hidden Cobra

...

> Suspected origin countries

North Korea

> Suspected targeted countries

Korea, Republic of

United States Of America

> Target sectors

Aerospace

Energy

...

> Motivations

ATK88

> Alias

FIN6

ITG08

...

> Suspected origin countries

Unknown

> Suspected targeted countries

United States Of America

> Target sectors

Energy

Financial Services

...

> Motivations

Financial Gain

ATK4

> Alias

APT 37

APT37

...

> Suspected origin countries

North Korea

> Suspected targeted countries

China

Nepal

...

> Target sectors

Aerospace

Chemicals

...

> Motivations

Espionage

ATK17

> Alias

APT-32

APT-C-00

...

> Suspected origin countries

Vietnam

> Suspected targeted countries

Australia

China

...

> Target sectors

Communication

Defense

...

> Motivations

Espionage

ATK35

> Alias

APT 33

APT33

...

> Suspected origin countries

Iran

> Suspected targeted countries

Iran, Islamic Republic Of

Iraq

...

> Target sectors

Aerospace

Aviation

...

> Motivations

Espionage

ATK103

> Alias

GOLD TAHOE

GRACEFUL SPIDER

...

> Suspected origin countries

> Suspected targeted countries

Canada

Chile

...

> Target sectors

Education

Energy

...

> Motivations

Financial Gain

ATK27

> Alias

Dark Caracal

TAG-CT3

> Suspected origin countries

Lebanon

> Suspected targeted countries

China

France

...

> Target sectors

Defense

Education

...

> Motivations

Coercion

Financial Gain

...

ATK52

> Alias

APT-C-06

DUBNIUM

...

> Suspected origin countries

South Korea

> Suspected targeted countries

China

Japan

...

> Target sectors

Defense

Government and administration agencies

...

> Motivations

Espionage

ATK15

> Alias

APT 27

APT27

...

> Suspected origin countries

China

> Suspected targeted countries

China

Hong Kong

...

> Target sectors

Aerospace

Communication

...

> Motivations

Espionage