Manufacturers are getting hit hardest by ransomware attacks. Even as attacks are down and responses to the attacks have improved, ransomware continues to be an issue in manufacturing.
IBM Security X-Force's annual X-Force Threat Intelligence Index this year shows that incidents declined 4% from 2021 to 2022, and defense efforts were more successful in detecting and preventing ransomware. Yet the 2023 report showed that manufacturing was the most extorted last year, and the most attacked for the 2nd consecutive year, accounting for about 1 in 4 attacks in 2022.
Manufacturers Can’t Stand Downtime
In manufacturing, there has long been a conflict between IT and OT teams. IT complains that OT has insufficient security. With OT, safety and availability are the prime concerns. “Lack of coordination between IT and OT teams can certainly make defending more difficult, but if we’re going to point the finger, it has to be at threat actors,” John Hendley, head of strategy at IBM Security X-Force, told Design News. “They have honed in on the fact that manufacturing as an industry has almost no tolerance for downtime. So when threat actors deploy ransomware or other disruptive malware, they have greatly increased leverage, which in turn can lead to faster payouts.”
In recent years, OT networks at manufacturing plants have extended their reach to suppliers and customers. This can increase network exposure to attacks. “Limiting your attack surface is one of the most important initiatives for organizations that have significant OT infrastructure. But situations, where you must allow third parties access, is where zero trust principles can help create clarity for defenders,” said Hendley. “Most importantly, defenders need to assume that any third-party connections are already compromised. By starting from this ‘assume breach’ mentality, defenders can build security into the architecture of those connections to increase the time it takes threat actors to move throughout the environment, and increase the chances of detection before they reach their objective.”
Manufacturing organizations are an attractive target for extortion since they have an extremely low tolerance for downtime. According to the National Association of Manufacturers (NAM), ransomware attackers often target manufacturers by disabling their operations technology and blackmailing them into paying to restore the functionality of their systems. Manufacturers that cannot afford to have production halted by hacks often have no choice but to pay the hackers’ ransom. NAM noted that manufacturers need to take steps to modernize and secure their IT and OT systems to avoid attacks.
The Stats Behind the Attacks
IBM Security X-Force revealed the statistics:
- Manufacturers Hard-Hit by Extortion. At 27%, extortion was the #1 impact of cyberattacks in 2022, data theft followed closely behind at 19%. Of all industries, manufacturing was the most extorted last year, and the most attacked for the 2nd consecutive year, accounting for about 1 in 4 attacks in 2022. Ransomware and backdoor deployments together made up more than half of all incidents observed in 2022.
- OT systems are low-hanging fruit for attackers. OT systems are often difficult or impossible to patch, making them highly susceptible to older threats, which cybercriminals are increasingly exploiting. Even with a drop in ICS vulnerabilities reported in 2022, vulnerability exploitation remained one of the top causes of cyberattacks on manufacturing in 2022.
- Ransomware: Too Big to Fail. Backdoor deployments were the top attacker action last year, and about 67% of those cases were failed ransomware attacks (where defenders were able to disrupt the backdoor before the ransomware was deployed). Even with improved defenses, the impact was minimal with ransomware’s share of incidents declining only 4 percentage points in 2022.