In 2020, ransomware actors demanded $17 million from a laptop maker and $34 million from a Taiwanese electronics contract company. The past two years have also delivered major disruptions for supply chains. The pandemic pushed supply chain attack issues front-and-center, with disruptions up 67% in 2020 and problems expected to persist as global markets adjust to the ‘new normal’.

With these two areas now among the top targets for cyber criminals, what lies ahead? Check out our top stories from the world of manufacturing and supply chain IT security in 2021. Here, you’ll find clues on what to expect and tips for how you can better protect your business.

Quick Briefs: Top Manufacturing/Supply Chain Insights

Threat Actors’ Most Targeted Industries in 2020: Finance, Manufacturing and Energy
7-Minute Read 🕒

In March, IBM Security’s annual X-Force Threat Intelligence Index found manufacturing is now one of the most targeted industries for cyber attacks. Ranked as the eighth most attacked in the 2019 report, it jumped to second place in 2020. It received 17.7% of all attacks on the top 10 industries — more than double the 8.1% of attacks it faced the year prior. This may be driven by the interest malicious actors have in targeting infrastructure with connections to operational technology (OT).

The manufacturing sector, where every minute of downtime is costly, also faced a high proportion of ransomware attacks. Threat actors sought to disrupt work in places with high pressure to pay a ransom. The report found 21% of ransomware attacks happen against manufacturing, while four times more business email compromise (BEC) attacks hit manufacturing companies than in any other industry.

Manufacturing Cybersecurity Threats and How to Face Them
3-Minute Read 🕒

OT and the Industrial Internet of Things (IIoT) are becoming more attractive to manufacturers looking to gain crucial insights into the way their operations are functioning. But there’s a downside. Many OT assets aren’t ready to defend against today’s threats. Some of those assets are decades-old legacy systems that use proprietary protocols to talk to one another. As such, they can’t easily receive remote updates unless the owners take them offline. But doing that threatens the uptime of their physical processes. This makes it difficult for businesses to keep these assets secure as they go online via the ongoing IT-OT convergence. No doubt this contributes to the growth of digital threats confronting the industry.

Luckily, it’s possible to overcome these challenges. Business leaders just need to bring IT and OT together with a bit of care. Read this article to find out about best practices you can adopt to combat these risks.

The Weaponization of Operational Technology
8-Minute Read 🕒

As we’ve noted previously, OT threats are on the rise. And of all the attack types IBM X-Force has observed against OT entities, ransomware is the leader. In fact, nearly one-third of all attacks X-Force observed against groups with OT networks in 2021 have been ransomware.

Read this blog to learn about measures you can take to enhance security for OT networks. It’s based on insights gained from the X-Force Red pen testing team, as well as X-Force incident response’s work assisting OT clients.

Supply Chain Attack: What It Is (and What to Do About It)
4-Minute Read 🕒

Growing reliance on digital supply chain solutions has set the stage for more supply chain attacks. This article examines what enterprises need to know about supply chain threats. It also examines some of the most notable 2021 supply chain attacks. In one notable instance, DevOps tool provider Codecov disclosed that threat actors compromised their Bash script uploader. This allowed the attackers to capture information stored by Codecov customers in continuous integration environments. Third-party researchers also found that attackers might have been able to “raid additional resources” and gain access to user credentials. That access could, in turn, lead to even larger breaches.

Read this article to find out about some of the most common supply chain threat vectors. How can you help reduce the risk of supply chain threats?

What Biden’s Cybersecurity Executive Order Means for Supply Chain Attacks
5-Minute Read 🕒

On May 12, 2021, President Joe Biden signed an executive order to modernize cybersecurity defenses and protect federal networks. To be precise, the order forces organizations to consider cybersecurity throughout their supply chain and within their vendor population. It covers a wide range of issues, including sharing threat information, public/private partnership and closer teamwork with federal partners.

The order puts the onus on the federal government to take at least some responsibility for protecting digital systems. In addition, it sets up working groups and takes existing National Institute of Standards and Technology (NIST) guidelines as formal instructions for some government agencies.

Read the full story to find out more about the contents of the executive order. Plus, why are attackers focusing on supply chains? Lastly, see how to better secure your business against supply chain attacks.

REvil Ransomware Gang Launches Major Supply Chain Attack Through Kaseya
6-Minute Read 🕒

On July 2, 2021, Kaseya notified customers of a compromise affecting the company’s VSA product in a way that poisoned the product’s update mechanism with malicious code. VSA is a remote monitoring and management tool for networks and endpoints intended for use by enterprise customers and managed service providers. Although it was at first believed that attackers targeted only 50 companies using VSA on-premises, the evolving case revealed more potential victims. Numbers climbed to 1,500 to 2,000 companies likely exposed to downstream impact by this major attack. Find out more about how the attackers got in, who was impacted and what was done to respond.

More on the Status of Manufacturing IT Security

In September, Varonis released its 2021 Manufacturing Data Risk Report. They analyzed a random sample of Data Risk Assessments for 50 industrial manufacturers and engineering companies. From there, they could determine how data becomes exposed and at risk. The report found every employee can access, on average, six million files on their first day on the job, and four in 10 organizations have 1,000+ sensitive files open to every employee.

Also in September, Sophos released its State of Ransomware in Manufacturing and Production 2021 report. This was based on the findings from an independent survey of 5,400 IT decision-makers, including 438 in the manufacturing and production sector, conducted at the start of 2021. The report found ransomware hit 36% of the groups surveyed in 2020.

Finally, NTT’s 2021 Global Threat Intelligence Report (GTIR) revealed that the manufacturing industry saw a 300% increase in worldwide cyberattacks in 2020.
