It’s hard to believe it was almost six months ago I wrote a blog post mentioning how many communities were starting to lock down due to COVID-19. I also mentioned the effect a massive amount of people working from home could have on cybercrime.
Sure enough, a report published earlier this month from CrowdStrike, a global cybersecurity company, shows there were approximately 6,000 more cases of cyber activity in the first half of 2020 than there were in all of 2019. The other shocking statistic from “2020 Threat Hunting Report: Insights from the CrowdStrike OverWatch Team” was that manufacturing was the No. 2 most-targeted industry during this time.
Let’s take a deeper dive into this report to see what the numbers say and what the manufacturing industry can do to combat the threat from cybercrime.
Manufacturing: A cybercrime victim of its own success
On its own, manufacturing being the second-most targeted industry for cybercrime is amazing. What makes it more amazing is that it was not even in the Top 10 in the same survey in all of 2019. According to a blog post by the Falcon OverWatch team back in July, the number of intrusions against the manufacturing industry more than tripled between these two timeframes.
While the distribution chain may have been hit early in the COVID-19 lockdowns, manufacturing ramped up in a major way. We all remember grocery store shelves that were depleted as if a month-long hurricane or blizzard were forecasted. Manufacturers went into overdrive to keep up with this initial demand.
It was this sudden and sharp rise in manufacturing activity in the first half of 2020 that drew the attention of cyber criminals and even state-sponsored agents, according to the OverWatch team. OverWatch saw state-sponsored attackers try brand new techniques against the manufacturing industry while cyber criminals adapted and evolved their tactics, techniques and procedures (TTPs) to attack manufacturing.
“The often-critical nature of manufacturing operations and the valuable data that many manufacturing businesses hold make the industry an enticing target for adversary groups seeking to extract value and further their strategic objectives,” said the authors of the Threat Hunting Report.
As you can imagine, much of the manufacturing going on during this time was to replenish the items most important to everyone in the United States: items people felt they couldn’t live without and bought en masse in case they lost access to them. This included toilet paper (which in some places hasn’t been replenished yet), staple food items, cleaning supplies, medical supplies, and hand sanitizer.
With these important supplies depleted, what better time for an enemy state to come in and try to disrupt the supply chain even further? Imagine the greater panic that would have ensued if food, medical, and sanitary supplies were unavailable months after the initial lockdowns. Also, think of the valuable information about manufacturing and distribution supply chains that nefarious state actors collected in case they ever wanted to disrupt our system in the future.
On the other hand, the OverWatch blog post mentioned manufacturing has gotten swept up in what’s known as “big game hunting.” As the name implies, big game hunting is when cyber criminals go after high-value targets with ransomware for the most bang for their ill-gotten bucks. According to OverWatch, not only have new campaigns sprung up to go after industrial control system processes, but the attackers have also adopted data exfiltration techniques and threatened data leaks to reinforce ransom demands.
So now we know who is attacking the manufacturing industry and why. But how can manufacturers defend against the seemingly indefensible?
Simple rules for manufacturers to fight cyber attacks
For years, we’ve been suggesting to manufacturers to be wary of cyberattacks. While we are not cybersecurity experts, we know what the experts in the field do say to keep manufacturers safe. To fight against the current attacks, manufacturers need a two-pronged defense.
According to the OverWatch team, cyber criminals going after the manufacturing industry in 2020 are actively attacking weaknesses. This big game hunting technique is designed for maximum profit with the least amount of time invested. On the other hand, state agents who aren’t going for a quick buck tend to use confidence schemes and social engineering techniques (like phishing) to weasel their way into a company’s data.
Experts say there’s no 100 percent chance of stopping all cyberattacks, mainly because the defenders have no clue what the next move is from adversaries. Defenders will always be reacting instead of preventing. However, there are proven ways to help prevent already known attacks.
When it comes to hands-on attacks, one of the best ways to prevent intrusions is to keep all software updated. Yes, it seems annoying when we get a request from Windows to update every few months, but these minor updates usually add defenses against known weaknesses that allow attacks.
It’s not only operating systems that need to be constantly updated to protect against attacks. Anything that touches an internet connection within a business’ building or that patches into its intranet or servers needs to stay updated. This could be anything from the server software itself, to an on-prem ERP system, to web browsers that run web-based ERP systems like Sage X3.
On the other hand, the only way to defeat social engineering techniques is education and constant vigilance. Everyone – even the most experienced techie – is susceptible to letting a cybercriminal past all the defenses set up to defend against intrusions. I know: I was nearly a victim myself.
On a busy day a few summers ago, I saw an e-mail come across from Vince Stamey that asked me if I could go buy a few gift cards for clients. This is something I’ve done in the course of my job as the marketing director here at Practical Software Solutions, so it didn’t seem like an out-of-place request. What the scam artist didn’t count on was for me to march into Vince’s office and ask for his credit card. (Vince would never expect me to pay the amount the scammer was asking for out of my own pocket.)
On further inspection, the scammer wasn’t using Vince’s Practical e-mail account, and that’s what should have clued me in first. Even if Vince sends out a business e-mail on the weekends, he never uses anything but his Practical account. I was so busy, I was just paying attention to the conversation and not the details of the sender.
While this scam would have affected just me and not the company, we’ve had customers who did have their business affected by con artists. I’ve mentioned before how one of our customers had their e-mail hacked. The scammers read through e-mails and calendars to convince an employee that a manager who was on vacation was in trouble, and the employee wired tens of thousands in company money to a fraudulent account.
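The sender check from the gift-card anecdote above can be automated at the mail gateway or in a triage script. The following is an added example, not code from this post or from any product it mentions; the company domain, staff names, lure keywords and sample messages are all constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

COMPANY_DOMAIN = "example.com"  # assumption: placeholder company domain
LURES = re.compile(r"gift\s*cards?|wire transfer", re.I)  # assumed keywords

def _norm(name):
    """Lower-case a display name and sort its words ('Manager, Pat' == 'Pat Manager')."""
    return " ".join(sorted(re.sub(r"[^a-z ]", " ", name.lower()).split()))

# Assumption: constructed staff directory, stored in normalized form.
STAFF = {_norm(n) for n in ("Pat Manager", "Lee Owner")}

def check_sender(raw):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    external = domain != COMPANY_DOMAIN
    findings = []
    # A colleague's name on an address outside the company domain.
    if external and _norm(name) in STAFF:
        findings.append("display-name-impersonation")
    # Replies silently routed to a different domain than the sender's.
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and reply.rpartition("@")[2].lower() != domain:
        findings.append("reply-to-mismatch")
    # Purchase or payment request arriving from outside the company.
    body = "" if msg.is_multipart() else msg.get_payload()
    if external and LURES.search(f"{msg.get('Subject', '')} {body}"):
        findings.append("payment-lure-from-external-sender")
    return findings

# Constructed sample messages (not real mail).
SPOOFED = ("From: Pat Manager <pat.manager.office@mail.example.net>\n"
           "Subject: Quick favor\n\n"
           "Are you free? I need a few gift cards for clients today.\n")
LEGIT = ("From: Pat Manager <pat.manager@example.com>\n"
         "Subject: Gift cards for clients\n\n"
         "Please pick up gift cards. Stop by for the company card.\n")
REDIRECT = ("From: Pat Manager <pat.manager@example.com>\n"
            "Reply-To: pat.manager@example.org\n"
            "Subject: Invoice\n\nSee attached.\n")

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("legit", LEGIT), ("redirect", REDIRECT)):
        print(label, check_sender(raw))
```

A message sent from a genuinely compromised mailbox, like the customer case above, passes every one of these checks, so payment and purchase requests still need confirmation through a second channel.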
Now that manufacturing is in the unfortunate spotlight of cyber criminals, we strongly encourage everyone out there to keep their guard up and keep all of their software updated. A small investment in time, education, and money could save your company from a crushing attack.