eCrime (online criminal attacks) has been a growing concern for various sectors all over the world. eCrime can be the result of a single individual or a group taking advantage of another person or organization over the internet to access sensitive information. Cybercriminals may vary in size and prowess but mostly have a common goal—obtaining financial gain or access to intellectual property.
The onset of the pandemic has exposed the magnitude of the risk organizations face from the shift to remote working, irrespective of sector. According to the 2020 CrowdStrike OverWatch report, the first 6 months of 2020 (Jan-June) witnessed 41,000 potential intrusions, compared to 35,000 in all of 2019. This was a result of the rapid adoption of remote workforces by organizations that were not prepared for a change of this magnitude. The accelerated set-up of new infrastructure created opportunities for adversaries to exploit public fear through COVID-19-themed social engineering strategies.
While various verticals were targeted proactively by adversaries, the manufacturing sector saw a steep escalation in terms of both quantity and sophistication of the intrusions from both eCriminals and nation-states. The manufacturing sector of India has the potential to reach US$ 1 trillion by 2025 and this makes it an attractive target for eCriminals and nation-state adversaries.
Many organizations in the manufacturing industry were targeted because of the critical nature of their operations and their access to valuable data, as they failed to fully adapt their security postures in time to respond to these evolving threats. In 2019 the manufacturing sector was not even among the top 10 verticals affected by cyberattacks; in the first half of 2020, it was the second most targeted vertical.
The supply chain attack, which is relatively new, has turned the supply chain into a weak link for businesses. Recent reports show how trusted software vendors have been compromised, as hackers can modify trusted products to perform malicious activities. Recent research found that not all suppliers are being vetted by companies and, at the same time, not all suppliers are informing companies of security breaches. It is said that organizations do not always hold external suppliers to the same security standards as themselves, which has become the primary source of vulnerability.
Intrusion tactics and techniques commonly used by adversaries
A CrowdStrike analysis of the adversary TTPs used in the first half of 2020 has revealed an increase in the use of discovery techniques. These methods enable adversaries to build a clearer picture of the victim’s environment. This type of behaviour indicates detailed planning and nuance on the adversaries’ part, which stands in contrast to the ‘smash and grab’ attacks that were commonly seen in previous years.
The line between state-sponsored and eCrime TTPs continues to blur in 2020. There are significant commonalities between the TTPs employed by state-sponsored adversaries and eCrime actors. eCrime operations have consistently demonstrated their capacity to adapt and innovate to improve their strike rate and boost their profit margins. There are various reasons why nation-state adversaries see the manufacturing sector as a valuable target. The manufacturing sector plays a critical role in the development of a nation, especially in a pandemic-stricken world where the sector can boost the revival of the economy. International trade tensions, increased competition for essential goods and efforts by some organizations to decrease their reliance on offshore suppliers have significantly contributed to an increased foreign interest in the operations of these suppliers.
A recent trend has been observed where attackers use legitimate administrative tools for their attacks. While a few were native to the host’s operating system, some were not. The most frequently used tools included Process Hacker, ProcDump, Advanced IP Scanner, TeamViewer, Advanced Port Scanner, Power Tool, PC Hunter, GMER and AnyDesk. Attackers have also been using a variety of legitimate pen-testing tools in their campaigns, including Mimikatz, Cobalt Strike, PowerShell Empire, PowerSploit, PowerCat and Meterpreter, among others.
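Because these administrative tools are legitimate, a single launch is weak evidence; several categories of them on one host within a short window is a stronger signal. The sketch below is an added example, not code from the article or from CrowdStrike: the image file names, category labels, host names, allowlist, time window and events are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed default image names for some of the tools the article lists;
# the category labels are this example's own grouping.
WATCHLIST = {
    "processhacker.exe": "process-inspection",
    "procdump.exe": "memory-dump",
    "procdump64.exe": "memory-dump",
    "advanced_ip_scanner.exe": "network-scan",
    "advanced_port_scanner.exe": "network-scan",
    "teamviewer.exe": "remote-access",
    "anydesk.exe": "remote-access",
}
# Hypothetical allowlist: (host, image) pairs that IT has sanctioned.
SANCTIONED = {("HELPDESK-01", "teamviewer.exe")}
WINDOW = timedelta(hours=1)

# Constructed process-creation events: (timestamp, host, image path).
EVENTS = [
    ("2020-06-01T09:00:00", "HELPDESK-01", r"C:\Program Files\TeamViewer\TeamViewer.exe"),
    ("2020-06-01T10:02:00", "PLC-ENG-07", r"C:\Users\Public\advanced_ip_scanner.exe"),
    ("2020-06-01T10:20:00", "PLC-ENG-07", r"C:\Users\Public\procdump64.exe"),
    ("2020-06-01T10:41:00", "PLC-ENG-07", r"C:\Users\Public\AnyDesk.exe"),
    ("2020-06-01T11:00:00", "HR-LT-22", r"C:\Program Files (x86)\AnyDesk\AnyDesk.exe"),
    ("2020-06-01T11:05:00", "HR-LT-22", r"C:\Windows\System32\notepad.exe"),
]

def triage(events):
    """Return {host: (severity, categories)} for unsanctioned watchlist launches."""
    hits = defaultdict(list)
    for ts, host, image in events:
        name = image.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        if name in WATCHLIST and (host, name) not in SANCTIONED:
            hits[host].append((datetime.fromisoformat(ts), WATCHLIST[name]))
    alerts = {}
    for host, seen in hits.items():
        seen.sort()
        best = set()
        for i, (start, _) in enumerate(seen):
            # Distinct tool categories within WINDOW of this launch.
            cats = {c for t, c in seen[i:] if t - start <= WINDOW}
            if len(cats) > len(best):
                best = cats
        # Two or more categories close together looks like an intrusion chain.
        alerts[host] = ("high" if len(best) >= 2 else "review", sorted(best))
    return alerts

if __name__ == "__main__":
    for host, (severity, cats) in sorted(triage(EVENTS).items()):
        print(host, severity, cats)
```

Matching on file name alone misses renamed binaries, so in practice this is paired with signer or hash checks from the same telemetry.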
Future of manufacturing security
While digitalization and efficient interconnectivity in the manufacturing sector have definitely been beneficial for organizations, proactive precautions must be put in place to prevent attacks on such a massive scale that they make the entire vertical vulnerable. In 2020, the manufacturing sector across the world saw the frequency of intrusions rise to 11% from 3.3% in 2019.
Organizations must protect themselves by keeping an eye out for any evidence that suggests an opportunity for adversaries to use and evolve into something more than stealthy and deliberate. On a more personal or individual level, all employees must keep track of the digital footprint of their valued credentials. Security hygiene matters: compromised credentials, internet-exposed applications and unpatched vulnerabilities continue to be found at the scene of the crime as the primary source of vulnerability.
The good news is that awareness around cybersecurity and its importance is being made a priority in the sector. Organizations must recognize the importance of supply chain resilience to protect the sector in the near future.