Malware — short for malicious software — unleashes a dizzying range of destruction. And manufacturers are becoming an ever more frequent target of these attacks, especially ransomware attacks.
The IBM Security X-Force Threat Intelligence Index 2023 reports that for the second year in a row, manufacturing was the top target for cybercriminals. IBM notes that manufacturing is a particularly attractive mark for extortion-related attacks like ransomware due to the industry’s low tolerance for downtime.
Sobering statistics in the annual report include how the average time to complete a ransomware attack has gone from two months to less than four days. The report also describes the double threat organizations face: Cybercriminals are constantly innovating their malware to avoid detection, yet thanks to gaps in legacy equipment security, older malware infections such as WannaCry (ransomware) and Conficker (a worm) continue to put operations technology at risk.
Ransomware, which is malware that encrypts files and requires payment for a decryption key, and worms, self-replicating malware that invades a network, are two variants bundled under the malware umbrella.
This threat also includes:
- Trojan horses, which are disguised as legitimate software and once installed, can steal sensitive information or give an attacker remote access to a targeted computer.
- Spyware, which sits quietly in a computer system and steals personal information, such credit card or banking information.
- Key loggers, which is short for keystroke logging and keeps track of keystrokes on a computer, capturing data including passwords.
- Rootkits, which allow unauthorized users to gain access to a network without being detected and deliver administrator-level control over a device.
Upping the threat is the fact that malware is not just infecting computers and networks. It can infiltrate anything with a microprocessor, including an Edge device in a manufacturing environment or a smart thermostat in a home. Connectivity in today’s factories and homes enables malware to spread faster.
Phishing emails remain malware creators’ tool of choice to deliver their payloads, with the IBM report linking phishing to 41% of incidents in 2022. But malware can also get into devices at the manufacturing stage, or somewhere between the manufacturer and the consumer, as reportedly happened in 2017 with Android phones. That makes supply chain security crucial for stopping malware attacks.
In its report titled “Defending Against Software Supply Chain Attacks,” the National Institute of Standards and Technology detailed the issue and provided steps organizations can take to decrease such risks, including segmenting networks to prevent guest users with bad intentions from accessing the main network.
Manufacturers also can counter attacks by training their employees to recognize phishing emails and not to click on suspicious links. Strong passwords and regular software patching are also necessary.
USB ports can serve as paths for malware, so organizations should disable ports when possible and limit who can connect into their network that way.
Multi-factor authentication, which requires at least two credentials, provides another safety net. If cybercriminals get an employee’s password, that alone won’t be enough to gain access to a network if the employee has multi-factor authentication.
Preparation is key, experts say. The IBM report notes that while “attacks are inevitable, failure doesn’t have to be.”
Additional resources to help block malware are available in the MxD Cyber Marketplace.
MxD also has identified other top cybersecurity threats that manufacturers face and provides suggestions on how to mitigate them. Read more about equipment sabotage, insider threats, supply chain attacks, phishing, ransomware, and data theft at mxdusa.org.
A complement to the MxD Cyber Marketplace, MxD’s Playbook for CMMC 2.0 Level 1 is designed to help manufacturers and their suppliers prepare to meet the Defense Department’s upcoming cybersecurity requirements. It’s available for free download.
Top 7 Cybersecurity Threats Series:
#1 Equipment Sabotage
#2 Insider Threats
#3 Supply Chain Attacks
#4 Phishing Attacks
#5 Ransomware
#6 Data Theft
#7 Malware