The manufacturing industry has been on cybercriminals’ radar for years, and often tops the list of the most-attacked industries. Typically, manufacturers were simply a target of opportunity. But an emerging trend indicates that bad actors now purposefully target this sector. The recent attack that paralyzed operations at Honda demonstrates manufacturing organizations are being tracked and hunted and becoming a specific mark.
While the giant automaker hasn't disclosed a lot of details, cybersecurity experts saw telltale signs that Honda was the intended target of a specifically customized attack. For the manufacturing sector, this could be a troublesome signal of things to come.
What Happened as a Result of the Honda Cyberattack
Operations at many of the automaker's global locations, including manufacturing plants, came to a halt in early June after what was likely a ransomware attack crippled computer servers, email, and essential systems. For the record, Honda attributed the disruption to a virus that spread across internal servers as a result of an outside attack.
Security researchers who analyzed virus samples posted on an online forum said this was the work of the Snake/EKANS ransomware family. Emerging at the end of 2019, EKANS appears to target industrial control systems (ICS). In addition to encrypting files, EKANS can stop processes, including those associated with ICS.
What makes the Honda attack unique, however, is that the ransomware reportedly was created to execute only in Honda's internal environment.
Although Honda didn't comment on how the attackers got access, researchers surmised that remote desktop protocols (RDP) were a possible attack vector. As employees shifted to work from home during the COVID-19 pandemic, they started using remote RDP routinely to access remote desktops. Unfortunately, RDP is known for its many vulnerabilities.
Automotive Manufacturing in the Crosshairs
Threats to the U.S. automotive sector has grown significantly during the past few years. So much so, in fact, that the FBI issued a private warning to the industry that hackers were expanding their activities.
But auto manufacturers are not an isolated category. The manufacturing industry as a whole frequently pops up as one of the most-targeted sectors. One recent report from a security company found that manufacturing was the second most-targeted industry in the Americas, Germany, and Japan—and first in Hong Kong and the United Kingdom.
And last year half of destructive-malware incidents observed by IBM X-Force researchers were in the manufacturing industry. One troublesome observation is that these destructive attacks (which erase data and leave millions of devices inoperable) are no longer typically the work of sophisticated nation-state actors. Now, they're moving into the “mainstream." and are carried out by the average cybercriminal.
Implications for the Industry
In the 2017 WannaCry attack, manufacturers from automakers to consumer goods firms to pharmaceutical companies were among those whose computers were locked. The havoc unleashed by WannaCry demonstrated the vulnerability of the sector.
As facilities have become more connected to the internet and systems are more interconnected overall, exposure grows further. Plus, the increasing complexity of the security environment compounds the challenge of protecting plants and other facilities.
The direct financial impact resulting from an attack doesn't tell the whole story: the legacy of an attack manifests itself in several troubling ways. In addition to business interruptions, mitigation costs, and fines, manufacturers should be concerned about the damage to their reputation and other indirect costs.
An economic loss model created by Frost & Sullivan estimates that a typical large manufacturing company in the Asia Pacific could lose an average of $10.7 million in a cyberattack. The biggest portion ($8.1 million) of that would be indirect costs such as reputational damage and customer churn.
Real-world examples, however, show much higher losses. The 2019 LockerGoga ransomware attack on aluminum giant Norsk Hydro, which impacted 35,000 employees and thousands of servers and PCs, was projected to cost $75 million.
While Frost & Sullivan's calculations showed much less impact on midsize companies—an estimated $38,000 cost per attack—it's also much more difficult for smaller manufacturers to rebound, especially when it comes to customer turnover or loss of intellectual property.
Create a Security Plan
A report by professional-services firm Sikich found that half of surveyed manufacturers and distributors experienced a data breach or cyberattack in 2019. The odds of being attacked are simply not in the industry's favor.
We can help. The Arctic Wolf manufacturing cybersecurity checklist takes you through the steps you need to take to create a security plan. Download the checklist to get started—and find out how our Concierge Security® Team can help boost your security posture.