In the third in our series of articles on cybercrime and industry, we will look at how manufacturing is being impacted by the rise of cybercrime. The manufacturing industry is going through a period of fast change. Many industrial systems are being overhauled to bring them into an era of high connectivity. The Internet of Things and automation / robotics are being used to boost productivity and to bring the notoriously complicated manufacturing supply chain more closely under control.
The manufacturing sector has some fundamental challenges above and beyond those of the previously discussed sectors, healthcare and financial. These include protection of intellectual property and corporate espionage / sabotage.
Advanced Persistent Threats (APTs) in manufacturing: APTs play the long game. Cybercriminals use techniques like spear phishing to get malware onto a system, and then use stealth and evasion techniques to slowly exfiltrate data, such as proprietary information, often over many months. APTs are a real threat to manufacturing because of the difficulty in detecting the underlying malware. This is down to the ability of the hacker to remotely control the malware (using a ‘command and control’ center), morphing it to hide it from detection by traditional anti-virus and monitoring techniques. Kaspersky runs an APT logbook, and it’s interesting to see how APTs have become more prevalent over time. Filtering the logbook across manufacturing-related industries shows how this area has become an increasing target for APT-style attacks.
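The slow exfiltration described above is hard to spot with a per-day volume alert, because each day's transfer stays small. The following is an added example, not code from the original article: a Python sketch that compares a per-day threshold with a long-window check over outbound flow summaries. The host names, addresses, thresholds and sample records are all constructed assumptions.

```python
from collections import defaultdict
from datetime import date, timedelta

MIB = 1024 ** 2
DAILY_ALERT_BYTES = 500 * MIB    # assumed per-day alert threshold
MIN_ACTIVE_DAYS = 60             # assumed: contact on at least 60 distinct days
MIN_TOTAL_BYTES = 2048 * MIB     # assumed cumulative floor (2 GiB)

def build_sample_flows():
    """Constructed records: (day, internal host, external destination, bytes out)."""
    start = date(2024, 1, 1)
    flows = []
    for i in range(120):
        day = start + timedelta(days=i)
        # Engineering workstation trickling 40 MiB a day to one destination.
        flows.append((day, "eng-ws-07", "203.0.113.50", 40 * MIB))
        if i % 7 == 0:  # weekly off-site backup burst
            flows.append((day, "backup-01", "198.51.100.10", 900 * MIB))
    # A single large one-off upload.
    flows.append((start + timedelta(days=30), "hr-ws-02", "192.0.2.77", 700 * MIB))
    return flows

def per_day_totals(flows):
    """Sum bytes per (host, destination) pair per day."""
    totals = defaultdict(lambda: defaultdict(int))
    for day, host, dest, nbytes in flows:
        totals[(host, dest)][day] += nbytes
    return totals

def daily_threshold_alerts(flows):
    """Traditional view: pairs that exceed the threshold on any single day."""
    totals = per_day_totals(flows)
    return sorted(k for k, days in totals.items()
                  if max(days.values()) > DAILY_ALERT_BYTES)

def low_and_slow_candidates(flows):
    """Long-window view: small daily volume, many active days, large total."""
    totals = per_day_totals(flows)
    return sorted(k for k, days in totals.items()
                  if len(days) >= MIN_ACTIVE_DAYS
                  and sum(days.values()) >= MIN_TOTAL_BYTES
                  and max(days.values()) <= DAILY_ALERT_BYTES)

if __name__ == "__main__":
    sample = build_sample_flows()
    print("per-day alerts:", daily_threshold_alerts(sample))
    print("low-and-slow:  ", low_and_slow_candidates(sample))
```

On the constructed data, the per-day alert fires only for the backup server and the one-off upload, while the long-window check surfaces the workstation that sent the most data overall.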
Intellectual property: Intellectual property (IP) is the mainstay of our manufacturing industry and its theft is a major contributor to economic issues in the USA. The IP Commission’s report into IP theft found that hundreds of billions of dollars’ worth of IP was stolen each year from U.S. firms of all sizes. They described the situation as “the greatest transfer of wealth in history”. The loss of IP affects jobs and innovation. The theft is often state sponsored, with the IP Commission report pointing to China as a likely source, but insider threats are also an issue, including supply chain insiders. Verizon found that 46% of IP theft cases start with an employee. The staff member is likely collaborating with cybercriminals to extract the data, the prime driver being financial gain. When insiders are used, access is often through misuse of privileged credentials. But it may not be the system administrator actually behind the breach. A Centrify survey of U.S. IT staff found that 52% had shared a login credential with a contractor, and 59% with a fellow worker.
Cyber-espionage: According to Verizon’s “2016 Data Breach Investigations Report”, manufacturing is one of the top three industries to suffer from cyber espionage. Cyber espionage is an external threat, sometimes state sponsored, or at least competitor sponsored, where the target is proprietary data and trade secrets. The vector into the manufacturer is most often a spear phishing email, which is ultimately behind an APT attack (see above). The attackers can then quickly get at the credentials needed to log in to the system and implant malware that exfiltrates data back to source. Another method that is gaining ground is the drive-by download. This vector is the sneakiest of all and is completely silent, so the user isn’t aware that they have been infected with malware, usually keyloggers, which then go on to steal login credentials. Drive-by downloads use exploit kits within a website; typically a site that is commonly used by that sector will be infected by the hacker. If the user visits that site, the exploit kit then looks for a vulnerability in a browser or other software application like Adobe Flash. The exploit kit uses this vulnerability to silently install the malware. It literally takes seconds, and you don’t even notice it happening. Once the user is infected, their credentials can be stolen, allowing access to the extended network.
Attacks against automation: The fourth industrial revolution is built upon automation and robotics. These devices are primary candidates for cyber attack. Because the industry is heavily reliant on connected and automated components, attacks that target points of automation leave it highly vulnerable. A report by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) found that in the 12 months from October 2013 there were 245 cyber security incidents, with 32% of those affecting the energy sector and 27% critical manufacturing; of these, 55% were due to APTs (see earlier). You can imagine a scenario whereby a hacker has accessed a crucial automation unit and sends malicious commands to it, causing chaos and resulting in the shutdown of the unit. Similarly, critical infrastructures, such as those controlled by power and water suppliers, are under increasing threat, including threats of cyber-terrorism. Examples include the 2014 cyber attack against the U.S. federal weather station network (NOAA) and the 2014 German steel mill attack, which caused the failure of multiple automated systems.
As our manufacturing industry becomes ever more interconnected, and the extended supply chain becomes more intrinsically hooked up to the network, the threat surface will become more complex. This brings deep-level security issues that need to be addressed at the operating system/platform level. This does not, however, preclude the need for security training and awareness. The ever-present threat of phishing, especially spear phishing, which is often connected to an APT attack, can be handled through user training programs. The cyber security problems facing manufacturers as they undergo the fourth industrial revolution need to be handled by a multi-layered approach, from ensuring that the systems manufacturers use are themselves utilizing appropriate safety measures to raising awareness of security risk across the extended supply chain.