Manufacturing faces a surge in cyber attacks

Manufacturing faced an unprecedented 165% surge in cyber-attack attempts last year – exponentially higher than other industries – exposing severe safety, production, and critical infrastructure risks if security gaps aren’t urgently addressed. That’s the finding Armis (https://www.armis.com) published in its report, “The Anatomy of Cybersecurity: A Dissection of 2023’s Attack Landscape.”

The asset intelligence cybersecurity company’s analysis showed global attack attempts more than doubled in 2023 (increasing 104%), with manufacturing the second most-at-risk industry trailing only utilities, which experienced more than a 200% increase. Attack attempts peaked in July, with communications, imaging, and manufacturing devices experiencing intensified targeting during this period.

A major source of attacks comes from geopolitical rivals. The report says, “In 2023, manufacturing was one of the top industries exposed to attack from Chinese and Russian actors. Compared to other industries, manufacturing experienced an intensified threat landscape, with .cn and .ru domains contributing to an average of 30% of monthly attack attempts.”

Two additional factors compound the threat, one being what Armis calls the “concerning trend of operational technology (OT) devices accessing the Internet.” OT connects, monitors, manages, and secures an organization’s industrial operations – the production machines. Networking equipment and services giant Cisco Systems notes OT includes robots, industrial control systems (ICS), supervisory control and data acquisition (SCADA) systems, programmable logic controllers (PLCs), and computer numerical control (CNC) – all the technologies driving modern manufacturing.

About 80% of engineering workstations and 60% of SCADA servers had Internet access during the past year. Internet access and vulnerabilities in these devices “pose a significant risk to cybersecurity as it increases the potential entry points for bad actors,” according to the report.

The second factor exacerbating cyber weaknesses is unpatched legacy technology. Eleven percent of manufacturing companies are still using legacy operating systems reaching end-of-life (EoL) or end-of-support (EoS), with the operating system (OS) provider no longer actively supporting or offering patches for vulnerabilities and security issues.

“This vulnerability is particularly evident in the server environment, with nearly a quarter of server versions facing EoS scenarios,” the report warns. Windows server OS versions 2012 and earlier are 77% more likely to experience attack attempts compared to newer Windows server versions, Armis analysts say.

“Armis found that not only are attack attempts increasing, but cybersecurity blind spots and critical vulnerabilities are worsening, painting prime targets for malicious actors,” says Armis CTO and Co-founder Nadir Izrael. “It’s critical that security teams leverage similar intelligence defensively, so they know where to prioritize efforts and fill these gaps to mitigate risk.”

Protecting OT as well as IT needs to be top-of-mind for manufacturers, regardless of their size. – Eric