The manufacturing industry has long been considered a prime target for cyberattacks due to the high value of its intellectual property, sensitive data, and operational infrastructure. Within the last year, though, cyberattacks have increased significantly, ransomware in particular.
According to a report by industrial cybersecurity firm Dragos, ransomware attacks targeting the manufacturing sector surged in 2022. The report found that the industry suffered at least 437 ransomware attacks in 2022, representing a 107% increase from the 211 attacks recorded in 2021.
Among the issues Dragos cites as facing manufacturing facilities are that operators often have little visibility into their systems and that credentials are shared between information networks and operational technology (OT) systems. This lack of visibility can make it difficult for operators to detect and respond to attacks. Dragos highlights that 80% of its services customers had limited OT visibility into their industrial control systems (ICS) environment.
With the increase in attacks, two new threat groups emerged, Chernovite and Bentonite, which both focus on attacking the industrial sector.
Chernovite, which Dragos called "the most dangerous threat group to date," is likely a nation-state hacking group that developed Pipedream, a modular ICS toolset designed to cause destructive effects against electric, liquid, and natural gas companies in the U.S. and Europe. What makes Pipedream unique is its apparent ability to be deployed across multiple critical infrastructure sectors, lowering the barrier to entry for attacks against ICS.
As for Bentonite, Dragos warns that it is a highly opportunistic group that targets maritime oil and gas, governments, and manufacturing, using common vulnerabilities found in internet-facing devices. The group has mainly focused on IT networks but maintains a heavy interest in OT networks and the materials found in those networks.
So, what does all this information mean? Where are we headed in the next year?
The report says:
"Dragos assesses with high confidence that ransomware will continue to disrupt industrial operations in 2023, whether through the integration of OT kill processes into ransomware strains, flattened networks enabling ransomware to spread into OT environments, or through operators' precautionary shutdowns of OT environments to prevent ransomware from spreading to the OT systems."
The report also assesses that more ransomware groups will appear in 2023, either as new groups or reformed ones, due to changes in ransomware groups and the leaking of the LockBit 3.0 Builder.
Ransomware groups are expected to continue targeting higher-value industrial entities, and they will likely show more interest in vendors and suppliers due to their interconnectivity with downstream customers. This is because of the criticality of their operations and their reach into numerous OT environments, which often results in higher or more frequent ransom payouts.
With all of this in mind, if you are concerned about the manufacturing sector and ransomware, or wish to hear other opinions on the matter, don't forget to register for the first annual SecureWorld Manufacturing Virtual Conference on August 23rd, where we will be discussing all things manufacturing and cybersecurity.