Fifty percent of all ransomware attacks are against manufacturers, research

Orange Cyberdefense blames cultural problems that leave the manufacturing sector particularly vulnerable

Manufacturers are disproportionately likely to suffer from ransomware attacks according to researchers at Orange Cyberdefense.

Based on data derived from the company's SOCs around the world, Orange Cyberdefense's Security Navigator 2021 report summarises the security incidents suffered by its customers in different sectors and size bands.

Some 18 per cent of organisations studied are in the manufacturing sector, yet they suffered 30 per cent of all confirmed incidents over the past year, and a half of all ransomware attacks, said head of cybersecurity research Charl van der Walt during an online roundtable this week.

"Manufacturing is very complex as an ecosystem, and there's a dichotomy between IT and traditional manufacturing mindsets," he said.

"There are very different realities that are converging, and that convergence isn't just about marrying technologies, it's about marrying people who come from different worlds and think about the world in different ways. I think that's opening that industry up to high levels of vulnerability."

Van der Walt contrasted the manufacturing sector with finance, which is an obvious target for cyber criminals, but much less likely to suffer an attack from ransomware or other types of malware.

"I don't think it's because manufacturers are being targeted more. I think it's simply because they're not as resilient," he said.

"Finance is actually quite resilient, quite mature, and the attackers have largely given up on traditional network-based attacks and are focusing more on social engineering attacks."

Unlike the scatter gun of early ransomware like NotPetya, modern attacks tend to encrypt data at the end of a long process, which includes breaching the network, working around the infrastructure, stealing valuable information and working out a way to maximise the attacker's profits, van der Walt continued.

"Ransomware is a business model not a technology. It is only the end of an attack strategy. In the final stage you trigger your ransomware, knowing you're going to reveal yourself. You only do that after you've done everything else that you can. So ransomware is not just ransom, it's also a data breach, it's also lateral movement."

This means that ransomware is a good indicator of weaknesses in organisations' general defences.

So far, manufacturers have been fortunate in that there haven't been many attacks against operational technology, such as those launched against power generators in Ukraine and recently a water purification plant in Florida, but these may become more common, van der Walt said.

"We see very little of that and I think that's because criminals haven't really figured out how to monetise it yet, and traditional ransomware is working for them. But I think these numbers from the traditional IT side of manufacturing are very concerning when one thinks of the potential impact of an attack on OT given this level of vulnerability."

The past year has also seen an increase in attacks on the health sector, said Lisa Ventura, CEO and founder, Cyber Security Association.

"Attacks have increased as much as 45 per cent since with ransomware, botnets, remote code execution and DDoS being the most common. The healthcare industry has always been vulnerable to cyberattacks due to the sensitive and confidential information that's held, and because it's such a heavily regulated industry a lot of resources that could be put towards effective security control can often get used up to ensure compliance."

SMEs have become targets too, Ventura said.

"The pandemic has forced changes and left gaps and brought cyber to the fore. Prior to the pandemic a lot of SMEs had their head in the sand thinking they won't be targeted, but the opposite is true: small businesses will be attacked."