Ransomware attacks in manufacturing tripled in 2020

2 Mar 2021

PwC’s Pat Moran discusses the growth of cybercrime in the manufacturing sector and how companies can protect themselves.

The number of reported ransomware attacks on manufacturing entities more than tripled in 2020 compared to the previous year, according to a report from industrial cybersecurity company Dragos.

Dragos detects and responds to threats in industrial control systems and operational technology (OT). It found that the manufacturing sector has become a growing target for cybercriminals worldwide.

PwC cybersecurity leader Pat Moran said the impact of ransomware attacks on technology systems can extend far beyond financial loss. “It can result in supply-chain issues and even physical danger,” he said.

“Adopting defence-in-depth security strategies and having effective preventative, detective and corrective controls in place is critical for reducing risk.”

Cybercriminals can target users through spear-phishing or by exploiting software vulnerabilities and enterprise network equipment. As with other industries, the most common initial access points for ransomware attacks are devices that are connected to the internet.

“As companies move towards smart manufacturing processes, care needs to be taken with adopting Wi-Fi-enabled industrial devices and tools,” said Moran.

“If these devices are connected to corporate networks or other networks and are not protected properly, they can become network access points for a cyberattacker. Attackers use these techniques to gain a foothold on the corporate IT system and then attempt to disrupt the IT environment and manufacturing operations,” he said.

Why have OT systems become a prime target?

OT is a critical part of monitoring and managing industrial control processes and manufacturing equipment such as assembly and production lines.

However, companies are often slower to update their OT systems than their standard IT systems because of the time and resources it takes to do so. This leaves the systems vulnerable.

As Moran mentioned, the field of smart manufacturing is accelerating, which creates more access points for savvy cybercriminals.

Ransomware attacks on OT systems also have the potential to inflict far more damage than attacks on regular IT systems because they can impact critical products and services on a large scale. This creates a greater incentive for cybercriminals, making OT systems a more attractive target.

How to reduce the risk of ransomware

Moran said performing vulnerability assessments on key control systems is essential to identify and remediate any software security issues.

It’s also critical to have proper segmentation between the IT and the OT network. “Regularly conduct architecture reviews to identify all assets, connections, and communications between IT and OT networks,” he said.

As manufacturing operations become increasingly connected, it’s important to have good visibility of assets, processes and external connections. Companies should monitor outbound network connections from OT networks to detect any malicious threat behaviours.

With the Covid-19 pandemic forcing many processes to go remote, it’s extremely important that companies secure any remote access to industrial systems to reduce the risk of cyberattacks. Speaking to Siliconrepublic.com earlier this year, NordVPN Teams’ CTO, Juta Gurinaviciute, pointed out the importance of this. “If you had 5,000 employees, now you have 5,000 offices to take care of,” she said.

Moran added that one way to secure remote entry points is to use a barrier such as a virtual private network. He also said that the best defence against ransomware is robust and well-tested backups.

“Organisations can recover quickly if they have good backup and restoration policy and procedures in place. They should maintain recent backups online and offline to ensure their system can be restored correctly,” he said.

“It is also important for organisations to have a comprehensive and well-tested incident response plan to respond to any cyber threats and it must be designed with OT concerns in mind.”

Jenny Darmody is the editor of Silicon Republic