Manufacturing Industry Revealed as Top Ransomware Target

World’s most prolific ransomware gang, Conti, set its sights on the sector in the last year.

Recent findings by Akamai Technologies, Inc. (NASDAQ: AKAM), the world’s most trusted solution to power and protect digital experiences, revealed that nearly 30% of ransomware attacks[1] worldwide launched by the world’s largest ransomware gang, Conti, targeted the manufacturing industry. The Business Services and Retail industries were the next most frequently targeted at 13.37 percent and 11.14 percent, respectively.

According to Forrester, as many as three in four manufacturers in Asia Pacific are prioritising innovation and automation for greater operational efficiency and resilience. As manufacturers begin to implement smart factories and adopt the Industrial Internet of Things (IIoT), more machines are getting networked to the internet. This has widened the attack surface and created new in-roads for attackers to enter a manufacturer’s network.

“Manufacturing is one of Asia Pacific’s most valuable industries – it is estimated that the region can generate up to $600 billion a year in additional manufacturing output by 2030,” said Dean Houari, Director of Security Technology and Strategy, APJ, Akamai.

“Attackers remain financially motivated, and the manufacturing industry presents a prime target for ransomware attacks, since they cannot afford downtime and disruption especially when long supply chains depend on parts or products. Very often, manufacturers end up paying the ransom to reduce disruption to operations or the delivery of products to customers,” continued Houari.

Figure 1 – Most Attacked Industries by Attack Count

Akamai’s findings are based on research into Conti, one of the world’s most prolific Ransomware-as-a-Service (RaaS) providers. Gangs like Conti have been leveraging the industry’s rapid digitalization for their benefit. In providing RaaS, these gangs make their most effective tactics, techniques, and procedures (TTPs) available by selling them to other hackers.

Far-reaching impact of attacks on manufacturing

In the context of manufacturing, attacks can have far-reaching consequences, including supply chain disruptions. When disruptions happen in critical industries such as pharmaceuticals, food and beverage, transportation and even medical devices, the impact on the lives of citizens can be significant and long-term.

The ransomware attack on JBS SA, the largest meat producer globally, is an example that demonstrates the far-reaching impact of attacks on manufacturers. In the JBS case, attackers were able to forcibly shut down all its U.S. beef plants, effectively stopping the production of a quarter of American meat supplies.

Three Steps to Securing Manufacturing

  1. Software-defined Micro-Segmentation is Key

Ransomware attacks are, by definition, lateral movement attacks intended to paralyze a manufacturer’s operations. Intruders should not be able to move laterally from system to system to encrypt data on critical servers and their backups and steal intellectual property.

Contrary to popular belief, segmentation does not need to be accomplished at the infrastructure layer, which can be complex and require multiple approaches when an organization adopts new technologies.

Instead, manufacturers should start with a flat, underlying network and then apply a software-defined overlay that can work consistently across all of its environments and technologies. This will shrink the attack surface by breaking their network into small segments. Manufacturers should enforce this with a tight security policy between segments which they can set up based on environment, BUs, applications, compliance enclaves and so on.

  2. Create a detailed response plan

All manufacturers are now a target for advanced persistent threats (APT). As such, they should pre-emptively create and plan breach mitigation policies to reduce response time once malware is detected, in the event that a persistent attacker gets in. More importantly, plans should also be created for the recovery process — consider which applications and sections need to come back online first and create policies accordingly to keep them secure while the rest of the network is restored.

  3. Protect the crown jewels and their backups

To maximize damage, ransomware campaigns usually target the organization’s backup application to encrypt the stored backup data. To mitigate this, manufacturers should ring-fence their critical applications or crown jewel servers and their backups. This will ensure that attackers do not gain additional leverage and prevent critical systems and business operations from coming to a halt.
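
The label-based segmentation in step 1 and the backup ring fence in step 3 can be checked together with a small default-deny policy model. This is an added example, not Akamai's product or code; the workload names, labels, ports and rules are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed inventory: the policy reads labels (environment, BU, application), not IPs or VLANs.
WORKLOADS = {
    "mes-app-01":   {"env": "prod", "bu": "plant-a", "app": "mes"},
    "erp-db-01":    {"env": "prod", "bu": "finance", "app": "erp"},
    "hmi-07":       {"env": "prod", "bu": "plant-a", "app": "hmi"},
    "dev-build-02": {"env": "dev",  "bu": "plant-a", "app": "mes"},
    "backup-01":    {"env": "prod", "bu": "it",      "app": "backup"},
}

@dataclass(frozen=True)
class Rule:
    src: dict   # labels the source must carry
    dst: dict   # labels the destination must carry
    port: int   # constructed port numbers, for illustration only

# Allow-list between segments; anything not listed is denied.
POLICY = [
    Rule({"env": "prod", "app": "hmi"}, {"env": "prod", "app": "mes"}, 8443),
    Rule({"env": "prod", "app": "mes"}, {"env": "prod", "app": "erp"}, 5432),
    # Ring fence: only the crown-jewel apps reach backup, and only on the backup port.
    Rule({"env": "prod", "app": "mes"}, {"app": "backup"}, 10000),
    Rule({"env": "prod", "app": "erp"}, {"app": "backup"}, 10000),
]

def matches(labels, selector):
    return all(labels.get(k) == v for k, v in selector.items())

def allowed(src, dst, port, policy=POLICY, workloads=WORKLOADS):
    """Default deny: a flow passes only if a rule matches both ends and the port."""
    s, d = workloads.get(src), workloads.get(dst)
    if s is None or d is None:
        return False  # unlabeled workloads get no access
    return any(matches(s, r.src) and matches(d, r.dst) and port == r.port for r in policy)

def reachable_from(start, policy=POLICY, workloads=WORKLOADS):
    """Blast radius: workloads reachable from `start` over any chain of allowed flows."""
    if start not in workloads:
        return set()
    seen, frontier = {start}, [start]
    while frontier:
        cur = frontier.pop()
        for nxt, labels in workloads.items():
            if nxt not in seen and any(
                matches(workloads[cur], r.src) and matches(labels, r.dst) for r in policy
            ):
                seen.add(nxt)
                frontier.append(nxt)
    return seen - {start}
```

Running `reachable_from` for each workload before a policy change shows which segments still have a multi-hop path to the backup server, which is the path the ring fence is meant to keep short.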