Some 20 percent of manufacturers were reportedly hit by a cyberattack in the last 12 months
June 15, 2021
BE’ER SHEVA, Israel and BOSTON—One-in-five manufacturing companies in the U.S. and U.K. have been victims of a cyberattack in the last 12 months, according to the 2021 Manufacturing Cybersecurity Threat Index released by Morphisec. Of the companies that were attacked, nearly a quarter (24 percent) reported that cyberattacks against their organizations occur weekly, Morphisec said in a release.
The cyberattacks are evidence of a rising threat to an industry that has recorded one of the highest number of attacks of any sector since the onset of COVID-19. Some of the recent attacks have debilitated manufacturing organizations by targeting intellectual property (IP) and critical infrastructure. Morphisec’s Manufacturing Cybersecurity Threat Index—its first—found that info stealers constituted the highest percentage of attempted attacks against manufacturers’ endpoints in the past year, the company said.
Morphisec (www.morphisec.com) combined internal data on the manufacturing attack landscape with an external survey of 567 manufacturing employees across the U.S. and U.K. in April 2021 to inform its index. The index reportedly found that 57 percent of manufacturing employees say they’re more worried today about their organization’s being targeted for IP by cybercriminals than they were a year ago. Seventy percent also noted that they believe manufacturers have been targeted more since the beginning of the pandemic.
Cybercriminals appear to have been encouraged by the global health crisis to go after vulnerable industries, such as manufacturing, that need to be operational around the clock. The economic impacts continue to increase, as businesses have incurred the costs of large ransom payouts and the knock-on effects of extended downtime, Morphisec said in the release.
To better understand the types of attacks that malicious actors use within the manufacturing sector, Morphisec analyzed attacks attempted during the last year against manufacturing endpoints on which Morphisec security is deployed. It is reported to have found that ransomware (13 percent) and supply chain (8 percent) attacks attempted against manufacturing endpoints were markedly increased over the last 12 months.
“Like the healthcare industry, the manufacturing sector has found itself increasingly in the crosshairs of cybercriminals over the last twelve months as they’ve turned their attention to always-on industries that can quickly line their pockets,” said Ronen Yehoshua, CEO of Morphisec, in the release. “However, manufacturers also face a growing risk of state-sponsored cyberattackers targeting them exclusively for intellectual property.”
Among the attempted attacks that targeted servers, Morphisec found that manufacturers experienced the most attempted exploits that were focused on initial access. This was the most active type of attempted attack on manufacturing servers (30 percent), as exploits targeted BlueKeep and SMBGhost. Ransomware (15 percent) was also highly used by attackers targeting the servers within manufacturing organizations. Many of these attempted attacks were designed to leverage human-operated ransomware to direct the attack upon entry into the target’s systems, according to the release.
Nearly all of these types of attacks can be costly for manufacturers. Through its surveying, Morphisec found that in most cases (53 percent), organizations needed up to a week to recover from the attacks. In a fifth of the incidents (18 percent), organizations required two weeks to recover. In the most extreme cases, where organizations needed three weeks or more to recover, respondents noted that they had fallen victim to ransomware, Morphisec said.
Yehoshua concluded by saying that one breach “can put the entire manufacturing infrastructure at risk,” and that “manufacturing organizations must treat the endpoint as the last true perimeter with automatic protection that stops ransomware, info stealers, and other advanced attacks before the breach.”