– by Robert Nobilo, Regional Director ANZ at Virsec

Cyber-attacks continue to be an increasing concern for every industry. But recently they’re becoming a bigger issue for the manufacturing industry than most others.

Cyber criminals frequently target manufacturing operations for their ransomware attacks. According to PwC’s Cyber Threats 2020: A Year in Retrospect report, the manufacturing sector and retail sectors shared the dubious honour of being the industries most targeted by ransomware: each accounted for 17 per cent of the total, well ahead of the second sector, technology, media and telecommunications with 10 per cent.

The PwC report detailed one ransomware attack on a multinational manufacturer based in New Zealand; “The attack saw the vast majority of its systems encrypted and rendered inoperable, breaking its supply chain, halting global manufacturing and distribution, and putting its banking covenants at risk.”

Another manufacturer hit by a cyber attack was local brewer Lion Australia, which also produces dairy products. In June 2020, it was hit by two ransomware attacks within 10 days, forcing it to halt beer production.

The attackers were reported to be demanding a payment in excess of $AUD 1 million. Earlier this year, JBS USA Holdings, the world’s largest meat company, was hit by a ransomware attack and, as a result, paid a $11 million ransom. JBS Australia, Australia’s largest meat and food processing company, was disrupted by this attack and forced to close 47 meat processing plants in Australia.

With these and other successful attacks, manufacturing will continue to be a high value target of ransomware gangs.

The costly impact of ransomware on manufacturing

The manufacturing sector is particularly sensitive to the impacts of ransomware and other cyber-attacks on two counts. Firstly, any disruption of day-to-day operations would likely leave a manufacturer unable to meet production demands, resulting in severe backlog and financial costs.

Secondly, manufacturers’ digital files contain extremely valuable intellectual property, such as product designs, that can represent millions of dollars in R&D. This sensitive company data makes manufacturers a prized target for hackers.

A high-profile example is the emerging reports that Russian spies stole the Astra Zeneca vaccine blueprint, in order to get ahead in the vaccine development race.

There’s another aspect of manufacturing that makes the sector particularly vulnerable: the increasing interconnectedness of legacy operational technology (OT) and information technology (IT) systems. This digitisation is exposing the once isolated OT systems to the Internet and therefore to hackers, which they were never designed to face.

The increasing convergence of OT and IT systems is giving hackers the opportunity to disrupt manufacturing processes directly, as the often weak security of OT offers an easy way into IT systems.

Furthermore, many OT systems use legacy technology that is not patched. There are many proprietary protocols involved with OT, and it is difficult to gain visibility into these systems to determine vulnerabilities and counter them.

To make matters worse, in the instances where OT systems monitor and control continuous production processes, they cannot easily be taken offline for analysis or upgrading.

And while the statistics suggest that, to date, manufacturers’ attitudes to the implementation of cyber security might have been less than ideal, in the future a lax attitude will not only be dangerous, it could be illegal.

Using runtime protection to secure the manufacturing industry

Recently, the Australian Federal Government introduced updated legislation to Parliament to protect Australia’s critical infrastructure, the Security Legislation Amendment (Critical Infrastructure) Bill 2020.

It greatly extends the scope of what is considered critical infrastructure, embracing organisations responsible for communications, data storage and processing, financial services and markets, water and sewerage, energy, healthcare and medical, higher education and research, food and grocery, transport, space technology, the defence industry and of course critical manufacturing.

There is likely to be a range of manufactured goods whose availability will be deemed critical, meaning the organisations that produce these goods will now be subject to new legislation and security requirements.

In short, now that OT and IT systems are interconnected, adequate protection of manufacturing facilities requires a new approach: advanced security tools that offer deeper levels of protection.

No matter how a system is compromised, for any attack to cause damage it must be able to disrupt the execution of legitimate software.

Therefore, if manufacturers can establish normal patterns of activity on the network, and flag any variation from this, they can halt any remote execution and prevent hackers from penetrating the system and causing damage.

This kind of security is far more advanced than traditional endpoint protection tools available on the market, which simply notify organisations of a possible intruder (often after it’s too late).

Endpoint detection tools also require systems to be taken offline, which presents an unacceptable factor for many companies. Manufacturers should instead be adopting security that protects during run-time. These advanced tools protect applications in real-time, automatically detecting any unusual access and thwarting it before code is remotely executed on the system.

For more information on protecting your manufacturing operations, visit www.virsec.com.