Stats & Trends
The Barkly Team
Sep 2018

Cyber Attacks Against Manufacturers on the Rise


Photo by Fiat Chrysler Automobiles

Manufacturing is one of the most aggressively targeted industries for cyber attacks. Learn why the risk is increasing and what companies can do about it.

Attacks on other industries may make more headlines (take finance, retail, healthcare, or local government, for example), but the truth is manufacturing ranks among the verticals hardest hit by hackers. With incidents becoming more frequent and more damaging, there is increasing pressure to understand what makes manufacturing companies particularly vulnerable to cyber attacks, and what can be done to reduce their risk.  

Manufacturers are under fire


Source: EEF's Cyber Security for Manufacturing report

According to EEF's 2018 Cybersecurity for Manufacturing report, 48% of manufacturers have suffered cyber attacks, with half of those victims sustaining financial or other business losses. NTT Security's 2018 Global Threat Intelligence Center report identified manufacturing as the fourth-most targeted industry, behind only finance, technology, and business and professional services.

As successful attacks have grown more prevalent, so too have the costs. The U.S. National Center for Manufacturing Sciences (NCMS) has pegged the cost of breaches in manufacturing between $1M and $10M. According to a report from MForesight, the Alliance for Manufacturing Foresight, some 400 manufacturers were attacked every single day in 2016, racking up over $3B in losses. In comparison, last year's NotPetya outbreak alone cost pharmaceutical manufacturer Merck more than $240M due to a shutdown in production, and $310M in total.

The Biggest Threat: Espionage & Extortion, Followed by Disruption to Production

The primary goal in over 90% of malware aimed at manufacturers is espionage — cybercriminals attempting to steal intellectual property and trade secrets. In fact, according to NCMS, 21% of manufacturers have lost intellectual property as a result of a cyberattack, and more than 90% of data stolen by cybercriminals is considered “secret” or “proprietary.”

Cybercriminals are using a variety of methods to gather data, ranging from trojan/dropper variants (86%) to reconnaissance malware (33%) such as Formbook, which not only steals data but can also log keystrokes, swipe clipboard contents and sniff HTTP sessions, as well as execute instructions from a command and control (C2) server. In fact, in many cases, the initial malware infection merely opens a backdoor that connects to a C2 server, giving cybercriminals undetected access to slowly siphon data for as long as possible.

In most cases, it seems the hackers’ end-goal is ultimately extortion: threatening to sell trade secrets or expose the victim organization for alleged wrongdoings unless they pay up. For example:

  • In late 2016, a pre-cast concrete company, which does contract work with the U.S. Navy, was targeted by TheDarkOverlord (TDO) hacker group, which threatened to publicly release contract data along with video and images that appear to show a fatal accident if the company didn’t pay a ransom. TDO directly “marketed” the data as competitive intelligence that could be used against the U.S. Navy and U.S. defense contractors.
  • TDO also acquired and released documents and personal data on the CEO of a polyurethane and epoxy company, promising to release more allegedly valuable data for sale on the dark web if the company didn’t pay.
  • Thyssenkrupp, one of the world’s largest steel manufacturers, fell victim to a cyber-attack that originated from Southeast Asia, stealing proprietary technological data and research from its plant engineering division and others.

More recently, the WannaCry outbreak highlighted the extremely high toll malware infections can take when they disrupt manufacturing operations. The ransomware was responsible for forcing a Honda plant in Sayama, Japan to halt production for an entire day, likely costing the company millions. 

Over a year later, Taiwanese chip-making giant TSMC suffered a similar fate, when a WannaCry infection tore through unpatched Windows 7 machines, knocking out production for days and costing the company an estimated three percent of its third quarter revenue, or roughly $250 million. 

What’s Driving the Risk?

The biggest risk factor for most manufacturers is a lack of investment in cybersecurity. Industrial control systems are often left unprotected, which is especially troubling as the move toward connected, Internet of Things (IoT) technology becomes more prevalent in the industry.

At the same time, the hyperconnected modern supply chain that links vendors, contractors, and customers not only introduces more entry points, but also the risk of exporting malware to vital business partners. Factor in the reality of most manufacturers running 24/7 with a complex combination of platforms and systems of varying ages — some of which are highly specialized — and it can be incredibly difficult to provide reliable, across-the-board security. Phasing out outdated systems and staying on top of patching isn't always feasible, and often has to be weighed against the risk of slowing down production or breaking something. As a result, criminals know many manufacturing companies are operating with systems and software that have any number of known and readily exploitable vulnerabilities. 

More connections also mean that if malware gets in, there is a distinct risk of it quickly propagating across networked devices. Worse yet, nearly 40% of manufacturers don’t have an incident response plan in place, so if they are attacked, the likelihood of a quick response time to minimize damage is very slim. Cybercriminals could go weeks or months with free rein on the network before they’re even detected.

Access: Granted

Because so many organizations lack complete security protocols, cybercriminals are able to use a variety of tactics to gain access to vital systems. Some have used scanning tools like Shodan to probe public-facing systems, find vulnerabilities, and exploit them. Others gain brute-force access by cracking user passwords, while the most common infection vector relies on good old-fashioned social engineering via phishing emails.

Like any other organization, manufacturers also face the “people factor.” The risk of insider threats, either through an accidental or intentional action, is a real concern. Malware can be introduced unknowingly from an employee who opens the wrong email attachment, or via privilege misuse by a disgruntled employee who intentionally infects the system or steals data or files.

What can manufacturing companies do?

With the threat level rising, clearly manufacturers need to take swift action to protect themselves against the disruption, espionage, extortion, and risk to competitive position that comes from cyberthreats. Here are several steps that can help give any organization a better defense profile:

  1. Lock down privileges.
    Store highly valuable intellectual property and confidential data in segregated drives outside the main network and maintain tight control over who has access to it and under what circumstances. Instituting regular credential updates and audits can help to ensure that only those users who truly need access have it and make it easier to detect and investigate any suspicious activity. See how Microsoft's Just Enough Administration tool can help with instituting the principle of least privilege.

  2. Train employees.
    The first line of defense against the most popular threat vector is a savvy end-user. Train employees to recognize questionable emails, not to click on attachments and links from people they don’t know and trust, and to report suspicious emails to a designated security team.

  3. Close up ports.
    Check for open ports along the network and secure any that could pose a threat. Much of the most damaging ransomware and other malware relies on finding and exploiting open ports (particularly port 3389 associated with RDP), so closing those doors can offer good baseline protection.

  4. Use something better than antivirus.
    Today's attacks are specifically designed to evade detection by antivirus solutions. Instead, companies need more advanced endpoint security solutions built to continuously monitor endpoints for suspicious activity and block it in real-time before any damage is done.
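
As an added illustration of step 3 (not part of the original article and not Barkly tooling), this Python script audits a host's own Windows `netstat -ano` output for listeners on watched ports that are reachable from the network. The names `WATCHED_PORTS` and `exposed_listeners`, the sample output, and the inclusion of port 445 (SMB, the service WannaCry spread over) alongside the article's port 3389 are assumptions made for the example.

```python
import re

# Ports to flag. 3389 (RDP) is the one the article names; 445 (SMB) is an
# assumption added for this example because WannaCry propagated over it.
WATCHED_PORTS = {3389: "RDP", 445: "SMB"}
LOOPBACK_PREFIXES = ("127.", "[::1]")

# Constructed sample of `netstat -ano` output (not taken from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1104
  TCP    127.0.0.1:3389         0.0.0.0:0              LISTENING       2216
  TCP    10.20.0.15:49712       10.20.0.2:445          ESTABLISHED     4
  TCP    [::]:3389              [::]:0                 LISTENING       1104
  UDP    0.0.0.0:3389           *:*                                    1104
"""

# proto, local address, local port, optional state (absent for UDP), PID
LINE_RE = re.compile(
    r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+\S+\s+(?:(\w+)\s+)?(\d+)\s*$"
)

def exposed_listeners(netstat_text, watched=WATCHED_PORTS):
    """Return (proto, addr, port, service, pid) for each watched port that
    is listening on a non-loopback address."""
    findings = []
    for line in netstat_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # headers, blank lines, anything unparseable
        proto, addr, port, state, pid = m.groups()
        port = int(port)
        # UDP has no LISTENING state; a bound UDP socket is treated as open.
        listening = state == "LISTENING" or (proto == "UDP" and state is None)
        if not listening or port not in watched:
            continue
        if addr.startswith(LOOPBACK_PREFIXES):
            continue  # only reachable from the host itself
        findings.append((proto, addr, port, watched[port], int(pid)))
    return findings

if __name__ == "__main__":
    for proto, addr, port, service, pid in exposed_listeners(SAMPLE_NETSTAT):
        print(f"{service} exposed: {proto} {addr}:{port} (PID {pid})")
```

The PID in each finding identifies the owning process, which helps decide whether to disable the service or restrict it with a firewall rule.
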

Find out how Barkly can give manufacturers a distinct advantage over cybercriminals, allowing companies to stay focused on production knowing their systems are safe.