Bringing cybersecurity globally to critical and complex key activities
Understanding the cyber threat:
The manufacturing sector, due to the nature of its activities, has long been kept away from the prerogatives of protecting computer systems. The reason for this is twofold: first, manufacturing companies have long been able to operate disconnected from the Internet and second, the general perception was that hackers were not interested in the information and assets owned by manufacturing organizations. The emergence of Industry 4.0 and the need for manufacturing companies to connect their industrial control systems (ICS) to the Internet has challenged this paradigm. Thus, the novelty of the emergence of network protection issues for these companies is accompanied by a gap compared to other sectors. This multiplies the opportunities for intrusion by malicious actors, which can leverage Intellectual property (IP) assets in order to generate income.
The manufacturing sector was particularly affected by the global COVID19 pandemic and continues its rise among the sectors most affected by cyberattacks. According to the 2021 Global Threat Intelligence Report (GTIR), the sector has become the second most impacted by cyberattacks, behind finance and insurance, with a rise of 300% in a year (2020 to 2021). A study conducted by Deloitte also shows that nearly 40% of manufacturing companies have suffered a cyber attack this year and that among these companies, 38% have experienced a loss of over 1 million dollars. Critical manufacturing firms involved in the vaccine cold chain were targeted by a phishing campaign in a larger effort to gain access to sensible information pertaining to the COVID 19 vaccine.
Phishing and Ransomware seem to be the most common types of threats targeting companies operating in the manufacturing sector. Phishing techniques (represent 75.4% of social engineering attacks conducted for this sector) are the most common vector used to gain initial access along with the use of stolen credentials. The lack of preparation of the sector explains the vulnerability of the industry to phishing attacks. Ransomware operators and more broadly cyber-extortion actors target heavily the manufacturing companies. Figures show that 92% of the attackers targeting the sector are financially motivated. Manufacturing companies have a particular incentive to pay large ransoms insofar as a downtime would be detrimental to their activity. As a result the cost-effective option is often the payment of the ransom. In 2021, the manufacturing industry is the sector most represented among cyber-extortion victims, with more than 350 enterprises in the ransomware leaks for the year.
June, 1, 2021, The meat supplier JBS fell victim to a cyberattack by the group REvil that affected the company’s production activities in several countries. This attack led to a paralysis of servers, leading to the suspension of production lines, particularly in Australia and the United States, where several slaughterhouses suspended their activities. This attack is a landmark for the manufacturing industry as JBS supplies almost a quarter of the world’s meat. This incident resulted in a $11 million ransom being payed to Revil’s operators.
The critical manufacturing sector is particularly at risk of being targeted by malicious actors. In December 2021, the CISA released a report tackling the issue and providing insights on the evolution of the cyberthreat for this sector. In particular, the CISA has identified vulnerabilities in ICS (Industrial Control Systems) that are even more crucial with the COVID pandemic forcing companies to adapt to remote working. Managing cybersecurity risks has become more complex, as companies are incited to resort to process automation. ICS play a key role in the securization of critical infrastructure, notably with regards to energy-related infrastructure.
ATK41
> Alias
> Suspected origin countries
> Suspected targeted countries
> Target sectors
> Motivations
ATK73
> Alias
> Suspected origin countries
> Suspected targeted countries
> Target sectors
> Motivations
ATK117
> Alias
> Suspected origin countries
> Suspected targeted countries
> Target sectors
> Motivations
ATK3
> Alias
> Suspected origin countries
> Suspected targeted countries
> Target sectors
> Motivations
ATK88
> Alias
> Suspected origin countries
> Suspected targeted countries
> Target sectors
> Motivations
ATK4
> Alias
> Suspected origin countries
> Suspected targeted countries
> Target sectors
> Motivations
ATK17
> Alias
> Suspected origin countries
> Suspected targeted countries
> Target sectors
> Motivations
ATK35
> Alias
> Suspected origin countries
> Suspected targeted countries
> Target sectors
> Motivations
ATK103
> Alias
> Suspected origin countries
> Suspected targeted countries
> Target sectors
> Motivations
ATK27
> Alias
> Suspected origin countries
> Suspected targeted countries
> Target sectors
> Motivations
ATK52
> Alias
> Suspected origin countries
> Suspected targeted countries
> Target sectors
> Motivations
ATK15
> Alias
> Suspected origin countries
> Suspected targeted countries
> Target sectors
> Motivations