In 2020, ransomware actors demanded $17 million from a laptop maker and $34 million from a Taiwanese electronics contract company. The past two years have also delivered major disruptions for supply chains. The pandemic pushed supply chain attack issues front-and-center, with disruptions up 67% in 2020 and problems expected to persist as global markets adjust to the ‘new normal’.

With these two areas now among the top targets for cyber criminals, what lies ahead? Check out our top stories from the world of manufacturing and supply chain IT security in 2021. Here, you’ll find clues on what to expect and tips for how you can better protect your business.

Quick Briefs: Top Manufacturing/Supply Chain Insights

Threat Actors’ Most Targeted Industries in 2020: Finance, Manufacturing and Energy
7-Minute Read 🕒

In March, IBM Security’s annual X-Force Threat Intelligence Index found manufacturing is now one of the most targeted industries for cyber attacks. Ranked as the eighth most attacked in the 2019 report, it jumped to second place in 2020. It received 17.7% of all attacks on the top 10 industries — more than double the 8.1% of attacks it faced the year prior. This may be driven by the interest malicious actors have in targeting infrastructure with connections to operational technology (OT).

The manufacturing sector, where every minute of downtime is costly, also faced a high proportion of ransomware attacks. Threat actors sought to disrupt work in places with high pressure to pay a ransom. The report found 21% of ransomware attacks happen against manufacturing, while four times more business email compromise (BEC) attacks hit manufacturing companies than in any other industry.

Manufacturing Cybersecurity Threats and How to Face Them
3-Minute Read 🕒

OT and the Industrial Internet of Things (IIoT) are becoming more attractive to manufacturers looking to gain crucial insights into the way their operations are functioning. But there’s a downside. Many OT assets aren’t ready to defend against today’s threats. Some of those assets are decades-old legacy systems that use proprietary protocols to talk to one another. As such, they can’t easily receive remote updates unless the owners take them offline. But doing that threatens the uptime of their physical processes. This makes it difficult for businesses to keep these assets secure as they go online via the ongoing IT-OT convergence. No doubt this contributes to the growth of digital threats confronting the industry.

Luckily, it’s possible to overcome these challenges. Business leaders just need to bring IT and OT together with a bit of care. Read this article to find out about best practices you can adopt to combat these risks.

The Weaponization of Operational Technology
8-Minute Read 🕒

As we’ve noted previously, OT threats are on the rise. And of all the attack types IBM X-Force has observed against OT entities, ransomware is the leader. In fact, nearly one-third of all attacks X-Force observed against groups with OT networks in 2021 have been ransomware.

Read this blog to learn about measures you can take to enhance security for OT networks. It’s based on insights gained from the X-Force Red pen testing team, as well as X-Force incident response’s work assisting OT clients.

Supply Chain Attack: What It Is (and What to Do About It)
4-Minute Read 🕒

Increasing reliance on digital supply chain solutions has set the stage for increasing supply chain attacks. This article examines what enterprises need to know about supply chain threats. It also examines some of the most notable 2021 supply chain attacks. In one notable instance, DevOps tool provider Codecov disclosed that threat actors compromised their Bash script uploader. This allowed the attackers to capture information stored by Codecov customers in continuous integration environments. Third-party researchers also found that attackers might have been able to “raid additional resources” and gain access to user credentials. From there, this could, in turn, lead to even larger breaches.

Read this article to find out about some of the most common supply chain threat vectors. How can you help reduce the risk of supply chain threats?

What Biden’s Cybersecurity Executive Order Means for Supply Chain Attacks
5-Minute Read 🕒

On May 12, 2021, President Joe Biden signed an executive order to modernize cybersecurity defenses and protect federal networks. To be precise, the order forces organizations to consider cybersecurity throughout their supply chain and within their vendor population. It covers a wide range of issues, including sharing threat information, public/private partnership and closer teamwork with federal partners.

The order puts the onus on the federal government to take at least some responsibility for protecting digital systems. In addition, it sets up working groups and takes existing National Institute of Standards and Technology (NIST) guidelines as formal instructions for some government agencies.

Read the full story to find out more about the contents of the executive order. Plus, why are attackers focusing on supply chains? Lastly, see how to better secure your business against supply chain attacks.

REvil Ransomware Gang Launches Major Supply Chain Attack Through Kaseya
6-Minute Read 🕒

On July 2, 2021, Kaseya notified customers of a compromise affecting the company’s VSA product in a way that poisoned the product’s update mechanism with malicious code. VSA is a remote monitoring and management tool for networks and endpoints intended for use by enterprise customers and managed service providers. Although it was at first believed that attackers targeted only 50 companies using VSA on-premises, the evolving case revealed more potential victims. Numbers climbed to 1,500 to 2,000 companies likely exposed to downstream impact by this major attack. Find out more about how the attackers got in, who was impacted and what was done to respond.

More on the Status of Manufacturing IT Security

In September, Varonis released its 2021 Manufacturing Data Risk Report. They analyzed a random sample of Data Risk Assessments for 50 industrial manufacturers and engineering companies. From there, they could determine how data becomes exposed and at risk. The report found every employee can access, on average, six million files on their first day on the job, and four in 10 organizations have 1,000+ sensitive files open to every employee.

Also in September, Sophos released its State of Ransomware in Manufacturing and Production 2021 report. This was based on the findings from an independent survey of 5,400 IT decision-makers, including 438 in the manufacturing and production sector, conducted at the start of 2021. The report found ransomware hit 36% of the groups surveyed in 2020.

Finally, NTT’s 2021 Global Threat Intelligence Report (GTIR) revealed that the manufacturing industry saw a 300% increase in worldwide cyberattacks in 2020.
