4 Noteworthy Cyberattacks that Shook Manufacturing in 2023
The Internet of Things (IoT) has started to transform manufacturing. Dubbed “Industry 4.0,” the digital evolution of the manufacturing ecosystem integrates IoT devices throughout industrial settings. A few of the more common ways to see IoT devices pulled into the factory setting include worker safety, inventory management, predictive maintenance, and quality control.
These are use cases outside of what’s sometimes called the Industrial Internet of Things (IIoT), which can refer to internet-enabled equipment directly on the factory floor such as the robots building cars or sorting through cereal grains for additional processing. Ultimately, the blend of IoT and IIoT creates smart factories that are more efficient overall and empower manufacturers with more data to make better decisions.
This is overall a good thing. Manufacturing companies can use IoT devices to maximize their productivity and move maintenance from reactive to proactive. With more monitoring in industrial environments, safety issues can be resolved sooner and plant floors can run more efficiently. That said, there remain security risks to relying too heavily on unprotected IoT.
Manufacturer’s Adoption of IoT Creates a Security Risk
There are clear benefits to using IoT in manufacturing. Inventory management via RFID tags and UPC codes requires manual effort to track and input data; IoT inventory tagging can automatically update a computer when the item is moved. Sensors in industrial equipment can help track when maintenance is required throughout a distributed factory floor. IoT devices like cameras can monitor for safety issues and notify the necessary parties automatically.
Despite these benefits, however, there remain significant security risks. IoT devices are not typically built with security in mind. There are few standards around what security means on a connected device, and the traffic flowing to and from an IoT system is not always encrypted. Unencrypted traffic from IoT devices means that if cybercriminals gain a foothold into the device, they don’t have to do any work once they exfiltrate the data.
Exfiltrating unencrypted data to an unknown server is potentially damaging. Moreover, threat actors can use IoT devices as a way to penetrate deeper into the organization. Gaining a foothold into an easily discoverable IoT security camera might be a great starting point for initial access. Unfortunately, manufacturing receives a wide array of attacks in general – not all of them beginning with the IoT.
What Are Some Examples of Cyberattacks Targeting Manufacturers?
Manufacturing companies experienced 54.5% of attacks in 2023, according to Zscaler research, with an average of 6,000 attacks against them per week. Given that manufacturing companies tend to have tens or hundreds of thousands of OT, IIoT and IoT devices in their networks, they have some unique weaknesses among other firms.
Manufacturing companies are also some of the most critical to a country’s economy. Interrupting operations of the right manufacturing company can cause failures throughout certain market sectors.
A few of the most recent attacks include:
- Ingersoll Rand, a maker of compressors, experienced a ransomware attack in March 2023 where malicious actors leaked an estimated 3% of stolen data.
- Johnson Controls International experienced a ransomware attack that also impacted two of its subsidiaries and encrypted the company’s VMware ESXi machines. Malicious actors stole more than 27 terabytes of data in the attack, potentially also including Department of Homeland Security floor plans and security information.
- Fortive Corp, which makes test and measurement tools and asset management software, reported a $5 million one-time expense on its earnings report related to the remediation and operational impact of a ransomware attack from BlackBasta.
- Mueller Water Products, Inc. reported a cyberattack in October 2023 that affected its IT and OT systems alike, and wasn’t fully contained until the end of November. Mueller is one of the largest manufacturers and distributors of fire hydrants, gate valves, and other water infrastructure products in North America. They delayed filing a 10-K with the SEC and didn’t resume normal operations until mid-December.
Manufacturers can expect to see far more threats in the coming years given the complexity of protecting OT and the rise of industrial IoT systems that are now more connected to the internet. Organizations in this space need to take a hard look at how they’re defending critical systems.
Finding a security tool that empowers you with automated asset discovery to uncover shadow IoT is especially important. IoT devices are often deployed with minimal input from IT teams. That may not be the case in manufacturing organizations, but the reality is that there needs to be an IoT security tool in place that helps with asset discovery. Organizations also should implement a tool that can track packet traffic and detect any anomalies. This addition to your arsenal would be very welcome.
How Asimily Helps Defend Manufacturing Companies
Asimily’s platform is designed to streamline IoT security. As manufacturers adopt more smart technologies and IoT devices, locking down traffic and being able to determine traffic sources or any unusual connections can be very powerful. If cybersecurity teams notice that a water sensor is transmitting data somewhere it shouldn’t be, for example, that’s vital information to track a potential breach.
Manufacturers can use Asimily’s risk simulation to assess options for mitigating the risk from a given vulnerability on a device. Simulating a fix before doing it can help you determine criticality and whether the weakness is even of interest to attackers before doing the work. That’s critical information when you’re deciding how to improve your security posture. For instance, you may find that certain devices or access controls are inadequate.
Asimily provides holistic context into an organization’s IoT environment when calculating impact- and likelihood-based risk scoring for devices. Our vulnerability scoring considers the compensating controls so you can more appropriately prioritize remediation activities for the riskiest devices.
Asimily customers efficiently identify high-risk vulnerabilities with our proprietary, patented algorithm that regularly cross-references vast amounts of data from resources like EPSS (Exploit Prediction Scoring System), Software Bills of Material (SBOMs), Common Vulnerability and Exposure (CVE) lists, the MITRE ATT&CK Framework, and NIST Guidelines. It understands your unique environment, so our deep contextual recommendation engine can provide real-time, actionable remediation steps to reduce risk and save time.
Asimily customers are 10x more efficient because the engine can pinpoint and prioritize the top 2% of problem devices that are High-Risk (High Likelihood of exploitation and High Impact if compromised). Unlike many offerings that don’t take into account the effort needed to handle identified issues, Asimily’s recommendations are as easy to execute as possible, from shutting down an unnecessary service to network enforcement solutions.
To learn more about Asimily, download our IoT Device Security in 2024: The High Cost of Doing Nothing whitepaper or contact us today.
Reduce Vulnerabilities 10x Faster with Half the Resources
Find out how our innovative risk remediation platform can help keep your organization’s resources safe, users protected, and IoT and IoMT assets secure.