Case studies

Global Cyber Executive Briefing

Manufacturing

Manufacturers are increasingly being targeted not just by traditional malicious actors such as hackers and cyber-criminals, but by competing companies and nations engaged in corporate espionage. Motivations range from money and revenge to competitive advantage and strategic disruption.

What happens to a manufacturing business when its production operations suddenly grind to a halt? And what are the consequences of being unable to satisfy market demand? In today’s business environment of increased automation, connectivity and globalization, even the most powerful organizations in the world are vulnerable to debilitating cyber-threats. Also, as production spreads across the globe, regional and national politics are becoming an increasingly important factor in corporate and manufacturing policies.

Many existing manufacturing systems were developed at a time when security was much less of an issue. Also, the focus of manufacturing technology has traditionally been on performance and safety, not security. This has led to major security gaps in production systems. In addition, the growing complexity of these systems has resulted in large and elaborate network infrastructures that are extremely specialized. And in many cases the systems are being operated and managed by manufacturing specialists rather than the IT function. Combined with the integration of IT and operations, these trends have created a system environment with a large attack surface that is very difficult to manage and secure.

Types of cyber-attacks in manufacturing vary widely. Traditional attacks involve hackers gaining unauthorized access to sensitive systems and data (case #1). Phishing facilitates the process by tricking executives and their staffs into revealing login credentials and other private information, giving attackers front-door access to the organization’s systems.

Advanced malware is another type of attack that is increasingly common in manufacturing – and increasingly disruptive. In an era of ubiquitous connectivity when more and more industrial systems are connected to the internet, this malicious software infiltrates weak systems and hardware (often legacy manufacturing systems) and then spreads itself to other systems, leaving behind a trail of destruction and disruption (case #2). 

Internal threats, although often less technically sophisticated, can be just as damaging. In manufacturing, there are countless incidents of malicious insiders stealing a company’s intellectual property or other confidential information for personal profit or revenge. These internal attacks can be committed by current and former employees and contractors at any level of the organization – even the executive level (case #3).

The results of any of these attacks can be severe, ranging from loss of valuable ideas and market advantage to financial and reputational damage, particularly in cases where sensitive customer data is compromised.

Case 1

Malware snares employee log-in credentials

Organization

A large, global automotive manufacturer.

Scenario

Attackers infiltrated the manufacturer’s corporate network and installed malicious software. This malware allowed the attackers to obtain employee log-in credentials, which in turn could be used to target other key systems within the company that contained intellectual property.

Attackers and motivation

The attack targeted intellectual property related to automotive technology. This type of IP is very valuable and can be used to blackmail the company, or to gain competitive advantage. A close analysis of the incident suggests the attackers were part of an organized crime group.

Techniques used

The attackers used a mix of techniques to deploy the malware into the company’s network, including targeted email attacks and exploiting vulnerabilities in outdated systems.

Business impact

The incident received global media coverage, causing significant reputational damage to the company. However, the potential damage was reduced by the fact that the organization fixed the security flaws before making a statement to the press. This gave the organization time to investigate the attack and to determine it had not lost any information other than the employee login credentials.

Case 2

Worm grabs control of industrial plants

Organization

A multinational engineering and electronics firm with global operations.

Scenario

Attackers used a variant of advanced malware to infect multiple industrial plants around the world. Once the infection spread, the attackers could take control of systems used to monitor and control critical industrial systems such as power plants, and influence their inner workings.

Attackers and motivation

These types of attacks typically target high-value infrastructure with the goal of causing widespread damage to an organization or even to an entire nation. The level of complexity, sophistication and funding needed for this attack suggests the actors were most likely state-sponsored.

Techniques used

To deploy the malware into the industrial plants, the attackers used infected removable media such as USB devices. Once an infected device was connected to a plant’s internal network, the advanced malware was automatically deployed, grabbing control of the plant and running commands to influence its supervisory control and data acquisition (SCADA) systems.

Business impact

Official statements by the company emphasized that no real damage had been done to any of the infiltrated plants. However, the incident still created a huge stir in the media and significantly damaged the company’s reputation, since the attackers were theoretically able to control high-value infrastructure that could have wreaked havoc on the environment.

Case 3

Executive pilfers intellectual property from a competitor

Organization

A leading manufacturer of video cameras and other digital cinematography tools.

Scenario

The company had valuable intellectual property (IP) stolen by a competing executive. The company was sharing its IP via email with the executive’s former employer to explore a possible joint venture, and the executive used old login credentials to gain access to the emails.

Attackers and motivation

The attacker was a rival industry executive who wanted to get an unfair advantage over his competitors by using their intellectual property to enhance his own company’s products.

Techniques used

The executive obtained the login information while working at his former employer, which made the mistake of not removing or deactivating his account after he left for another firm. This allowed the executive to continue accessing his former employer’s email and redirect the exchange of intellectual property to his current email account.

Business impact

IP theft can lead to a flood of counterfeit products. In this case, the targeted company lost a hard-earned competitive advantage derived from years of cutting-edge research and development. After the theft, its products no longer stood out in the marketplace, which weakened its sales and strategic market position.
