Global Cyber Executive Briefing
Manufacturers are increasingly being targeted not just by traditional malicious actors such as hackers and cyber-criminals, but by competing companies and nations engaged in corporate espionage. Motivations range from money and revenge to competitive advantage and strategic disruption.
- Case 1: Malware snares employee log-in credentials
- Case 2: Worm grabs control of industrial plants
- Case 3: Executive pilfers intellectual property from a competitor
What happens to a manufacturing business when its production operations suddenly grind to a halt? And what are the consequences of being unable to satisfy market demand? In today’s business environment of increased automation, connectivity and globalization, even the most powerful organizations in the world are vulnerable to debilitating cyber-threats. Also, as production spreads across the globe, regional and national politics are becoming an increasingly important factor in corporate and manufacturing policies.
Many existing manufacturing systems were developed at a time when security was much less of an issue. Also, the focus of manufacturing technology has traditionally been on performance and safety, not security. This has led to major security gaps in production systems. In addition, the growing complexity of these systems has resulted in large and elaborate network infrastructures that are extremely specialized. And in many cases the systems are being operated and managed by manufacturing specialists rather than the IT function. Combined with the integration of IT and operations, these trends have created a system environment with a large attack surface that is very difficult to manage and secure.
Types of cyber-attacks in manufacturing vary widely. Traditional attacks involve hackers gaining unauthorized access to sensitive systems and data (case #1). Phishing facilitates the process by tricking executives and their staffs into revealing login credentials and other private information, giving attackers front-door access to the organization’s systems.
Advanced malware is another type of attack that is increasingly common in manufacturing – and increasingly disruptive. In an era of ubiquitous connectivity when more and more industrial systems are connected to the internet, this malicious software infiltrates weak systems and hardware (often legacy manufacturing systems) and then spreads itself to other systems, leaving behind a trail of destruction and disruption (case #2).
Internal threats, although often less technically sophisticated, can be just as damaging. In manufacturing, there are countless incidents of malicious insiders stealing a company’s intellectual property or other confidential information for personal profit or revenge. These internal attacks can be committed by current and former employees and contractors at any level of the organization – even the executive level (case #3).
The results of any of these attacks can be severe, ranging from loss of valuable ideas and market advantage to financial and reputational damage -- particularly in cases where sensitive customer data is compromised.
Case 1: Malware snares employee log-in credentials
A large, global automotive manufacturer.
Attackers infiltrated the manufacturer’s corporate network and installed malicious software. This malware allowed the attackers to obtain employee log-in credentials, which in turn could be used to target other key systems within the company that contained intellectual property.
Attackers and motivation
The attack targeted intellectual property related to automotive technology. This type of IP is very valuable and can be used to blackmail the company, or to gain competitive advantage. A close analysis of the incident suggests the attackers were part of an organized crime group.
The attackers used a mix of techniques to deploy the malware into the company’s network, including targeted email attacks and exploiting vulnerabilities in outdated systems.
The incident received global media coverage, causing significant reputational damage to the company. However, the potential damage was reduced by the fact that the organization fixed the security flaws before making a statement to the press. This gave the organization time to investigate the attack and to determine it had not lost any information other than the employee login credentials.
Case 2: Worm grabs control of industrial plants
A multinational engineering and electronics firm with global operations.
Attackers used a variant of advanced malware to infect multiple industrial plants around the world. Once the infection spread, the attackers could take control of systems used to monitor and control critical industrial systems such as power plants, and influence their inner workings.
Attackers and motivation
These types of attacks typically target high value infrastructure with the goal of causing widespread damage to an organization or even to an entire nation. The level of complexity, sophistication and funding needed for this attack suggests the actors were most likely state-sponsored.
To deploy the malware into the industrial plants, the attackers used infected removable media such as USB devices. Once an infected device was connected to a plant’s internal network, the advanced malware was automatically deployed -- grabbing control of the plant and running commands to influence its supervisory control and data acquisition (SCADA) systems.
Official statements by the company emphasized that no real damage had been done to any of the infiltrated plants. However, the incident still created a huge stir in the media and significantly damaged the company’s reputation, since the attackers were theoretically able to control high value infrastructure that could have wreaked havoc on the environment.
Case 3: Executive pilfers intellectual property from a competitor
A leading manufacturer of video cameras and other digital cinematography tools.
The company had valuable intellectual property (IP) stolen by an executive at a competing company. The company was sharing its IP via email with the executive’s former employer to explore a possible joint venture, and the executive used old login credentials to gain access to the emails.
Attackers and motivation
The attacker was a rival industry executive who wanted to get an unfair advantage over his competitors by using their intellectual property to enhance his own company’s products.
The executive obtained the login information while working at his former employer, which made the mistake of not removing or deactivating his account after he left for another firm. This allowed the executive to continue accessing his former employer’s email and redirect the exchange of intellectual property to his current email account.
IP theft can lead to a flood of counterfeit products. In this case, the targeted company lost a hard-earned competitive advantage derived from years of cutting-edge research and development. After the theft, its products no longer stood out in the marketplace, which weakened its sales and strategic market position.