An active cybersecurity posture is needed by manufacturers to protect their IP from the rising threat of cyberattacks.

By Andrew Homer, VP of Security Strategy at Morphisec

As cyber attackers continue to exploit the security gaps created by COVID-19, enterprises worldwide are on high alert as government warnings roll in and attacks dominate news cycles. As the fallout from the SolarWinds attack has illustrated, even the applications that companies use day-to-day can be turned into malicious programs by nefarious actors. And the manufacturing industry, already dealing with downward pressure on demand, production, and revenue, has most certainly not escaped these vicious cybersecurity threats.

In fact, with the FBI’s Cyber Division reporting that the number of reported cyberattacks catapulted by 400% to 4,000 attacks per day during the height of the pandemic, manufacturers have unfortunately been a tasty target. Furthermore, last year, the Manufacturers Alliance for Productivity & Innovation (MAPI) released a report with Deloitte that found 40% of manufacturers were victims of a cyberattack in the past 12 months. Worse yet, the economic impact of attacks is increasing as malicious parties go after the manufacturing industry’s intellectual property. In fact, the cost of each breach for manufacturers is now greater than $1M according to MAPI.

But even with Cybersecurity Awareness Month far behind us, manufacturing companies facing significant pressure to kickstart economic recovery could still face the most sophisticated cyber threats they’ve seen to date.

Placed Under Siege by State-Sponsored Attackers

Accounting for about a tenth of the U.S. GDP and employing more than 15M people, there’s no doubting the role that the manufacturing industry plays in the national economy’s success. In fact, analysts at Goldman Sachs have gone on record to opine that the U.S. is over-reliant on its output for economic growth. But for state-sponsored cyber attackers looking to probe national vulnerabilities, gather intelligence, and extract money, there is a lot to gain by infiltrating an industry with critical IP. So, as we continue to reel from the fallout of COVID-19, it’s hardly a surprise that we’re seeing an uptick in activity from these types of threat actors.

As far back as April of last year, for instance, when the extremity of this virus was being realized and millions of Americans were in the early stages of an unprecedented work-from-home experiment, Google reported that it had detected more than 12 state-sponsored hacking groups using the pandemic as a way to craft phishing emails and attempt to distribute malware. This resulted in the United States government issuing an advisory to all businesses directly involved in the country’s Coronavirus response to beware of attack. As many facilities battled tremendous surges in workload and demand, this included companies manufacturing vital PPE gear and other healthcare supplies. Of course, these facilities were also fighting wide-scale disruptions in their global supply chain of materials, something both online criminals and nation-backed hackers sought to take advantage of, and it worked. Now, researchers say that manufacturers have already experienced an 11% increase in attacks and intrusions on their networks in 2020 over all of 2019.

But with the entire U.S. on high alert, how do these bad actors still manage to bypass detection? Sophisticated cyber attackers are increasingly using behavior analysis of defense systems to introduce noise and decrease the confidence of newer machine learning defenses, while also capitalizing on whitelisting by utilizing legitimate applications to execute malicious code.

For example, Deloitte highlighted a multinational engineering and electronics firm targeted by attackers that infected removable media such as USB devices. Once the infected device was connected to its plant’s internal network, the advanced malware was automatically deployed — grabbing control of the plant and running commands to influence its supervisory control and data acquisition (SCADA) systems. This type of attack targeted high-value infrastructure to cause widespread damage to the organization and even an entire nation. Therefore, the level of complexity, sophistication, and funding needed for this type of attack suggests that the bad actors were likely state-sponsored.

But the truth is that, as with all industries forced into remote work environments due to COVID-19, manufacturers have simply become easier targets for cybercriminals.

Critical Gaps Exposed by Remote IT Teams

Even the largest manufacturing companies have limited IT resources and security teams. But with these assets moving to remote environments since the onset of COVID-19, security setups that rely on detection-based solutions have been further complicated — something attackers have been taking note of since February. And as a result, IT teams are under immense pressure to protect their organizations from attack. Yet, research studies conducted throughout the pandemic have highlighted just how difficult this is, with most employees working from their unprotected personal laptops.

In fact, one such study found that 56% of workers have been using their personal computers while working remotely, and 23% admitted that they didn’t even know what security protocols were installed on their devices. These statistics are sure to make hackers’ mouths water as they set their sights on stealing valuable IP.

And as the threat of COVID-19 fails to slow down and many employees remain remote, we can expect to see more businesses fall victim to attack and the cost per breach rise across the country. That is, of course, unless these enterprises embrace proactive cyber defenses that quash hackers before they have the chance to infiltrate systems.

56% of workers have been using their personal computers while working remotely.

Protecting IP With Active Cyber Defenses

Regardless of external factors and economic conditions, it is difficult to secure legacy systems, valuable IP and customer data connected to modern applications and even third-party systems, making manufacturers extremely attractive targets. But as we’ve already mentioned, the good news is that most cyberattacks are preventable. Of course, basic security hygiene measures, such as enabling two-factor authentication, are essential.

However, deploying more active defense mechanisms has also proven vital as threat actors become more sophisticated. The U.S. Department of Defense defines active defense as “The employment of limited offensive action and counterattacks to deny a contested area or position to the enemy.” In cybersecurity environments, active protection can range from basic defensive capabilities to cyber deception and adversary engagement operations. The combination of these defenses allows an organization to counter current attacks, learn more about the adversary, and better prepare for new attacks in the future.

One example of deception technology is moving target defense, which is increasingly being used by high-risk organizations such as DHS to provide end-to-end protection against the most damaging attacks. Moving target defense prevents attackers from accurately identifying the resources they need to leverage to evade a manufacturer’s current defenses, and guards businesses’ critical systems from the most sophisticated zero-day info-stealers used by nation-state actors by scrambling the locations of all memory without any human management.
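To make the idea of "scrambling the locations of memory" concrete, the following added example (not Morphisec's product code and not part of the original article) uses the operating system's own address space layout randomization (ASLR) on Linux as a simple, built-in analogue: the same libc symbol appears at a different address in every freshly started process, so an attacker cannot hard-code where the resources they need will be. It also includes the audit check a defender would want, reading the Linux `randomize_va_space` sysctl, and flags a host where the addresses repeat across runs. The sysctl path and the choice of `strlen` as the probed symbol are standard Linux/glibc facts; everything else is this example's own construction.

```python
"""Added illustration: memory-layout randomization as a moving-target measure.

Not the article's or Morphisec's code. Linux ASLR is used here only as an
everyday analogue of randomizing memory locations so that an attacker's
hard-coded addresses stop working.
"""
import ctypes
import ctypes.util
import subprocess
import sys

ASLR_KNOB = "/proc/sys/kernel/randomize_va_space"  # Linux sysctl: 0 off, 1 partial, 2 full


def aslr_setting():
    """Return the Linux ASLR level, or None when the sysctl is not readable (non-Linux)."""
    try:
        with open(ASLR_KNOB) as fh:
            return int(fh.read().strip())
    except (OSError, ValueError):
        return None


def aslr_is_full(level):
    """Audit check: only level 2 randomizes the heap (brk) as well as stacks and libraries."""
    return level == 2


def libc_symbol_address_here():
    """Address at which this process sees libc's strlen."""
    lib = ctypes.CDLL(ctypes.util.find_library("c"))
    return ctypes.cast(lib.strlen, ctypes.c_void_p).value


# Same probe, run inside a brand-new interpreter so the loader lays memory out afresh.
_CHILD_SNIPPET = (
    "import ctypes, ctypes.util;"
    "lib = ctypes.CDLL(ctypes.util.find_library('c'));"
    "print(ctypes.cast(lib.strlen, ctypes.c_void_p).value)"
)


def libc_symbol_address_in_child():
    """Spawn a fresh interpreter and report where it sees strlen."""
    out = subprocess.run([sys.executable, "-c", _CHILD_SNIPPET],
                         capture_output=True, text=True, check=True).stdout
    return int(out.strip())


def observed_addresses(samples=5):
    """Collect the strlen address from several independent processes."""
    return [libc_symbol_address_in_child() for _ in range(samples)]


def layout_is_randomized(addresses):
    """True when the same symbol showed up at more than one address across runs."""
    return len(set(addresses)) > 1


if __name__ == "__main__":
    level = aslr_setting()
    print(f"{ASLR_KNOB} = {level} (full randomization: {aslr_is_full(level)})")
    addrs = observed_addresses()
    for addr in addrs:
        print(f"strlen seen at {addr:#x}")
    # A host where every run reports the same address has randomization disabled,
    # which is exactly the condition this audit is meant to surface.
    print("randomized across runs:", layout_is_randomized(addrs))
```

On a normal Linux workstation the script prints five different addresses and `randomized across runs: True`; inside a VM or sandbox where ASLR has been switched off, the addresses repeat and the check reports `False`, which is the finding a security team would want raised. Product-grade moving target defense goes further than the OS, re-randomizing at run time, but the underlying principle is the same one shown here.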

Moving target defense is undoubtedly tailor-made for this unparalleled environment where hackers are unrelentingly punishing those with even the slightest security gaps. By utilizing these proactive defense forms, manufacturers can protect themselves from in-memory exploits, new zero-days, fileless attacks, and evasive malware. And as we expect these types of attacks to proliferate in the coming months as the U.S. political and economic landscape heats up, manufacturers can rest assured that they’ve bolstered their focus on effective, enduring endpoint security strategies, and thus, mitigated the risk of vicious state-sponsored attacks stealing IP and disrupting operations.

Andrew Homer

Andrew Homer is VP of Business Development and Security Strategy at cybersecurity startup Morphisec and has many years of hands-on experience creating strategic technology partnerships and leading teams through growth phases. Prior to Morphisec, Andrew was Director of Business Development and Technology Alliances at RSA, where he led the company’s technology ecosystem, strategic alliances and embedded OEM partnerships. Over the past two decades, he has gained a wealth of both corporate and high-growth experience, having held business development positions at Dell, EMC and VMware. You can reach Andrew at andrew.homer@morphisec.com.