Today’s threat landscape is populated by many types of malicious entities. The most sophisticated threat actors and cybercriminals typically do not randomly target organizations for malware and ransomware attacks. They tend to use their resources to maximize the probability of benefiting from their efforts. The smart cybercriminals we will be talking about target specific industries and companies that they believe are easy to attack or are motivated to pay their ransom demands.
The manufacturing sector has been hit hard in recent years by cyberattacks. Ransomware is often the chosen method for these attacks in an attempt to financially gain by extorting the victimized organization. In many cases, serious operational disruptions and associated business losses accompany successful ransomware attacks.
We are going to look at why the manufacturing sector is appealing to cybercriminals, including some examples of successful attacks. We’ll also look at how an extended detection and response (XDR) platform can greatly improve cybersecurity and reduce the risk of cyberattacks against manufacturers.
What Makes the Manufacturing Sector an Attractive Target?
Several factors make companies in the manufacturing sector attractive targets for threat actors. Many manufacturers are affected by a combination of these factors, putting them squarely in the sights of dedicated threat actors.
High-value data resources
Manufacturers’ IT systems often store and process very valuable intellectual property regarding the products they produce. They may also possess sensitive customer data that can be leveraged by cybercriminals threatening to disclose it to the public.
Low tolerance for downtime
Downtime can be very expensive for manufacturers and have deleterious effects on their customers and society at large. Any disruptions caused by a cyberattack are seen as serious in the manufacturing sector.
Expanding attack surface
Manufacturers’ attack surfaces are expanding due to increased connectivity and the adoption of Internet of Things (IoT) solutions. Many of the devices essential to the manufacturing sector such as SCADA equipment or Industrial Control Systems (ICS) provide minimal default security. Threat actors leverage this fact to gain entry into the environment and initiate attacks against the larger environment.
Ineffective cybersecurity posture
The lack of standardization in cybersecurity measures implemented by manufacturers presents exploitable vulnerabilities for threat actors. Companies may neglect to devote sufficient financial resources to protect the environment. It can be very expensive and difficult to standardize and protect the older systems typically used in manufacturing due to their limited functionality.
Manufacturers often pay ransoms
Manufacturers are more likely to pay ransoms due to the valuable data that may be in play and the desire to minimize downtime. System outages may directly affect customers and the ability of the company to generate income. This can be a major factor in their decision to acquiesce to the ransomware demands.
Recent Attacks on the Manufacturing Sector
Reviewing some of the recent attacks on the manufacturing sector highlights their impact on the victimized organization and its customers. Ransomware is the most prevalent form of cyberattack perpetrated on manufacturers. Following are some recent ransomware attacks affecting manufacturers.
Simpson Manufacturing Company (2023)
Simpson Manufacturing Company is a major manufacturer of build materials in the U.S. They provide critical construction and retrofitting products essential to the construction industry. The company was hit with a disruptive cyberattack in October 2023 and discovered malicious activity in their IT system that caused them to take systems offline to control the damage. The company has not disclosed the exact nature of the incursion but its response is typical of the way victims address ransomware attacks.
Applied Materials (2023)
Applied Materials was impacted by a ransomware attack on one of its suppliers that will cost the company $250 million. Second-quarter shipments from the supplier of semiconductor technology were impacted by the discovery of a ransomware attack on MKS Instruments. This supplier was affected by a ransomware attack discovered on February 3, 2023. The effects of the attack disrupted Applied Material’s ability to process orders, ship products and provide service to customers.
Brunswick Corporation (2023)
Boating manufacturer Brunswick Corporation was impacted by a June 13, 2023 cyberattack that hit its IT systems and some of its manufacturing facilities. The company was forced to halt operations in certain locations while experts addressed the cybersecurity incident.
Brunswick did not confirm that they were victimized by ransomware, but the attack shares characteristics of this type of attack. It took nine days to restore full operations, a significant delay for the manufacturer and its customers. The timing of the attack, near the end of a fiscal quarter, made it difficult for the company to recover and cost it an estimated $85 million.
The Varta Group (2024)
German battery manufacturer The Varta Group was the target of a cyberattack on February 12, 2024. Segments of its IT systems were affected with associated impacts to the company’s administration and five production plants. Systems were shut down to mitigate the effects of the attack, essentially shutting down the majority of the company’s operations. The company’s plants are still feeling the effects of the attack and had not resumed operations almost two weeks after it was perpetrated.
How XDR Provides Better Cybersecurity
An extended detection and response solution like Samurai XDR furnishes manufacturers with an effective tool to minimize the risks of a cyberattack. Companies in the manufacturing sector stand to enjoy the following advantages by implementing Samurai XDR in their IT environments.
- XDR relies on NTT’s Tier 1 internet backbone to provide threat intelligence instrumental in identifying existing and emerging threats so they can be proactively addressed. The IP backbone is one of the world’s largest, providing visibility on over 40% of global internet coverage.
- Advanced analytics and machine learning are employed to identify suspicious behavior that may indicate compromised systems. XDR can recognize the subtle lateral movements of threat actors as they move through an environment in search of high-value targets. The platform can also identify the presence of advanced persistent threats (APTs) that attempt to evade discovery while waiting to attack the infrastructure.
- XDR augments an organization’s existing cybersecurity solutions to enhance protection for the complete IT environment. Samurai’s XDR platform provides IT personnel with a single interface that prioritizes threats for improved productivity and efficiency. This feature is essential for manufacturers with limited cybersecurity resources.
Manufacturers concerned about cybersecurity should take a look at Samurai’s new Starter Plan. You’ll quickly see how XDR helps protect your organization from cyberattacks and keeps your business running smoothly.
Featured articles
How to Build a Resilient Cybersecurity Strategy for MSPs
26 September 2024 | Webinars
In today's rapidly evolving threat landscape, MSPs are on the front lines of cybersecurity. As threats become more sophisticated, MSPs...
MSP Blueprint: Proactive Threat Hunting with XDR for Enhanced Cybersecurity
12 September 2024 | Cybersecurity 101
This article explores how Managed Service Providers (MSPs) can leverage Extended Detection and Response (XDR) to enhance proactive cyber threat...
The Importance of XDR for Regulatory Compliance
5 September 2024 | XDR
The SEC's 2024 cybersecurity disclosure rules mandate public companies to disclose incidents and detail their risk management strategies. Even non-public...