Ensuring robust cyber security for manufacturing is of utmost importance in today’s digital age. With the increasing reliance on technology, manufacturing companies are becoming more vulnerable to cyber attacks that can cause significant financial and reputational damage.
A new report by Toolbox.com (Researchers Uncover Major Watering Hole Campaign Targeting Multiple Sectors) has revealed an unidentified group of cybercriminals are targeting Canadian websites. Manufacturing, in particular, is being targeted by this attack. This is another reason for a focus on cyber security for manufacturing businesses throughout North America.
In this article, we will explore the key cyber security threats facing the manufacturing industry and provide practical tips on how to safeguard your business against these risks.
Basics of Cyber Security for Manufacturing
The manufacturing industry, like many other sectors, faces a growing threat landscape in the digital age. As technology continues to play an integral role in modern manufacturing processes, the industry becomes more susceptible to cyber attacks that can have severe repercussions. To protect against these threats, it is imperative to prioritize cyber security for manufacturing businesses.
The Unique Challenges of Manufacturing Cybersecurity
The manufacturing sector has distinct challenges when it comes to cybersecurity. Unlike some industries that primarily deal with customer data, manufacturing is often focused on safeguarding sensitive intellectual property, proprietary designs, and control systems. Here are some of the specific challenges faced by the manufacturing industry:
- Protection of Intellectual Property: Manufacturing companies invest heavily in research and development to create innovative products. Cybersecurity is essential to protect these intellectual assets from theft or espionage.
- Control System Vulnerabilities: As manufacturing processes become more automated and reliant on control systems, vulnerabilities in these systems can lead to production disruptions and safety hazards.
- Supply Chain Complexity: Manufacturers rely on intricate supply chains. Cybersecurity must extend to suppliers and partners who may introduce vulnerabilities into the ecosystem.
- Regulatory Compliance: The manufacturing sector often deals with specific regulations and standards, such as the NIST Cybersecurity Framework and ISO 27001. Compliance is critical to avoid legal repercussions.
Key Strategies for Cybersecurity in Manufacturing
To enhance cyber security for manufacturing operations, you can implement the following strategies:
- Risk Assessment: Conduct regular risk assessments to identify vulnerabilities and prioritize cybersecurity efforts based on potential impact.
- Employee Training: Educate employees on cyber threats and the role they play in preventing attacks, especially with regard to phishing and social engineering.
- Network Segmentation: Isolate critical systems from less critical ones to limit the potential for lateral movement by attackers.
- Incident Response Plan: Develop a robust incident response plan that outlines steps to take in case of a security breach.
- Regular Updates and Patch Management: Ensure all software and systems are up-to-date to address known vulnerabilities.
- Collaboration with Cybersecurity Firms: Engage with specialized cybersecurity firms that can provide expertise, threat intelligence, and incident detection and response services.
- Continuous Monitoring: Implement real-time monitoring of network traffic to detect and respond to anomalies promptly.
- Encryption: Protect sensitive data by implementing encryption for data at rest and in transit.
What is a Watering Hole Attack?
A watering hole attack gets its name from the real-life watering home. Predators lay in wait for their prey to come to a common location. In the IT space, these attacks occur when a popular public website is targeted by hackers. They can prove to be very dangerous as individuals, organizations and even entire industries can be targeted.
“The malware may be delivered and installed without the target realising (called a ‘drive by’ attack), but given the trust the target is likely to have in the watering hole site, it can also be a file that a user will consciously download without realising what it really contains.”
– UK National Cyber Security Center
Cyber Attack against Canadian Manufacturing Uncovered by Black Lotus
The Black Lotus Labs security firm discovered the watering hole attack on Ukrainian websites and one Canadian target. It appears that this attack is by the same group that managed to successfully attack San Francisco International Airport’s website back in April 2020.
The main sectors that appear to be targeted are manufacturing, media, sport, investment banking, and the oil sector. So far the attackers remain unidentified. The attack succeeded to add malicious JavaScript code to the target websites. This JavaScript code “prompted the victims’ devices to send their New Technology LAN Manager (NTLM) hashes to an actor-controlled server using Server Message Block (SMB).”
Cyber security for manufacturing industry is a focus of Sabre IT as we have found this industry segment runs behind the general business sector in protecting their IT infrastructure.
In more general terms, the attackers were able to gain information that let them access email credentials, general account usernames, and passwords, personal financial and banking information, and in some cases resources on the corporate network.
How to secure against this attack?
Unlike Phishing attacks, which are almost always delivered as either email or direct messages on services like Facebook Messenger, watering hole attacks might occur on a trusted website. It can be very hard to train users to identify and avoid these attacks.
There is no way for an average user to recognize a hacked website except with tools designed specifically to do just that. Here are some recommendations from Black Lotus Labs:
- Disable SMB-based communications outside your network.
- Disable SMB communication through your firewall
- Disable vulnerable software like Adobe Flash and Internet Explorer and ensure all browser software is patched to the most current level.
- Disable JavaScript on untrusted websites. If disabling is not an option, limit their use only to those websites that need it.
- Patch and update your operating system regularly. Do not run insecure software.
- Make sure you have a robust anti-virus system and ideally a whitelisting service that will identify untrusted websites.
- Monitor traffic from third-party, unknown, and suspicious sites. Monitoring unusual connections to your firewall from unexpected offshore sites can detect these bad actors.
Understanding the Latest Cybersecurity Threats to Control Systems in Manufacturing
As manufacturing companies increasingly rely on control systems to automate their operations, they also become more vulnerable to cyber threats. The Cybersecurity and Infrastructure Security Agency (CISA) has identified several emerging threats to control systems that manufacturing firms should be aware of.
One of the most concerning threats is ransomware, which has become a popular tool for cybercriminals to exploit vulnerabilities in control systems. In recent years, ransomware attacks have disrupted several manufacturing companies, causing significant financial losses and reputational damage.
Another threat is supply chain attacks, where cybercriminals compromise a third-party vendor or supplier to gain access to the manufacturer’s control systems. This attack vector has become more prevalent in recent years, and it can be challenging for manufacturers to identify and mitigate these risks effectively.
Additionally, CISA has observed an increase in spear-phishing attacks against employees and contractors who have access to control systems. These attacks use social engineering techniques to trick individuals into clicking on malicious links or providing sensitive information, allowing cybercriminals to gain unauthorized access to control systems.
Finally, CISA warns that manufacturers must be vigilant about the security of their remote access solutions, as cybercriminals can exploit vulnerabilities in these systems to gain access to control systems. Manufacturers must ensure that their remote access solutions are appropriately secured and monitored.
Protecting Sensitive Data in the Manufacturing Industry: Best Practices for Data Security
Manufacturing companies should implement a comprehensive data security policy that covers all aspects of data handling and protection. This policy should include guidelines for data access, storage, transfer, and disposal. It should also define roles and responsibilities for all employees involved in data handling and provide training on data security awareness and best practices.
Another critical aspect of data security in the manufacturing industry is network security. All manufacturing companies should have a robust network security system in place to protect against cyberattacks, such as firewalls, intrusion detection systems, and antivirus software. Additionally, regular security assessments and vulnerability testing should be conducted to identify and address any potential security gaps.
Manufacturing companies should also have a disaster recovery plan in place to quickly recover from data breaches or other security incidents. This plan should include regular data backups, off-site storage of backup data, and clear procedures for restoring data in case of a security breach.
By following these best practices in cyber security for manufacturing, companies can better protect their sensitive data from cyberattacks and minimize the risk of financial and reputational damage.
Need Help?
We regularly see the results of cybercrime that is attempted and stopped (for our customers) and that got completely out of hand and resulted in tragedy (with new prospects we meet all the time). Whether you need help with IT consulting, cybersecurity, or managed IT services, we have the knowledge and tools to keep your manufacturing operations secure.
Sabre IT has worked with hundreds of manufacturers. We have been providing IT services for over 20 years. We have worked with scores of industrial businesses; helping to ensure cyber security for manufacturing businesses. To learn more, read our comprehensive eBook titled Cyber Security Essentials for Manufacturers.
Call us at 226-336-6259 or contact us at itsales@sabrelimited.com today to learn more.