Industrial Companies At Risk As Attacks Double

Uploaded on 2021-09-17 in FREE TO VIEW, BUSINESS-Production-Manufacturing, TECHNOLOGY-Key Areas-Internet of Things

Extensive analysis of cyber threats in 2020 reveals a 91% jump in attacks on industrial companies and a 54% rise in malware-related attacks compared to 2019, according to the enterprise security experts at Positive Technologies.

Industrial manufacturing is becoming increasingly digitised as the industry is adopting automation, to a greater extent than ever before. The Industrial Internet of Things (IIoT) is bringing artificial intelligence, cloud computing and robotics into factories. 

Cyber-physical systems can now integrate all aspects of the supply chain, including operational systems and information systems, and are taking the place of outdated, siloed machines.Any factory making use of these new technologies is known as a Smart Factory, and they’re prompting what experts are calling the Fourth Industrial Revolution, or Industry 4.0.  Smart Factories will help the manufacturing industry considerably, as digital technology can offer greater efficiency in the production stage, better quality products with fewer mistakes, and more flexibility for working processes.

Positive Technologies found that external attackers can penetrate the corporate network in all these organisations, and once inside, can obtain user credentials and complete control over the infrastructure in 100% of cases. In over two-thirds (69%) of these cases, external attackers can steal sensitive data from the organisation, including information about partners and company employees and internal documentation.

“Industrial companies attract criminals by their size, the importance of business processes, and their impact on the world and people's lives... The mission of information security experts is to make sure that industrial accidents do not become a regular occurrence. To do this, it is necessary to identify unacceptable events and achieve a level of information security that will prevent such events from happening as a result of a cyberattack, “ says the Report.

In addition, penetration testers from Positive Technologies gained access to the technological segment of the network of 75% of organisations. This then enabled them to access Industrial Control Systems (ICS) in 56% of cases.

Once malicious actors gain access to ICS components, they have the opportunity to cause severe damage and even fatalities, this includes shutting down entire productions, causing equipment to fail and triggering industrial accidents.
Positive Technologies said there is a range of factors that are making these organisations vulnerable to hackers. For example, during recent pilot projects, its experts uncovered numerous suspicious events in the internal network of each industrial company. 

In one case, Positive Technologies researchers registered a Remote Desktop Protocol (RDP) connection to an external cloud storage, enabling 23 GB of data to be transferred to the address of this storage via RDP and HTTPS.

Researchers also noted that industrial companies often use outdated software and commonly save connection parameters, such as username and password, in a remote access authentication form, allowing attackers to connect to the resources of an isolated segment without credentials when they obtain control over such a computer.  “The industrial sector has become increasingly attractive to hackers in recent years. Attacks are getting more successful and their scenarios more complex. On the other hand, companies often cannot detect a targeted cyber attack on their own.” 

“More than anywhere else, the protection of the industrial sector requires modelling of critical systems to test their parameters, verify the feasibility of business risks, and look for vulnerabilities, ” says the Report.

Positive Technologies:        Infosecurity Magazine:     Swivel Secure     SDC Exec:

You Might Also Read:

Industrial Control System Security Is Overlooked:
 

« HCL & Dell Unite Against Ransomware
Australia’s Critical Infrastructure Is Under Constant Attack »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Radiant Logic

Radiant Logic

Radiant Logic is a market-leading provider of federated identity solutions based on virtualization, and delivers simple, logical, and standards-based access to all identities within an organization.

Digital Ship

Digital Ship

Digital Ship provides news, information, conferences and events focused on digital ship systems, information technology and security relating to maritime operations.

Swiss CyberSecurity

Swiss CyberSecurity

Swiss CyberSecurity is a non-profit group based in Geneva, set up to provide information and as a forum for discussion of topics related to CyberSecurity.

Risk Ledger

Risk Ledger

Risk Ledger is improving the security of the global supply chain ecosystem, reducing the number of data breaches experienced through supply chain attacks by companies and consumers alike.

United Network Technologies

United Network Technologies

United Network Technologies is a leading Managed Services Provider, distributor and developer of specialised cyber security components and technologies.

ConnectWise

ConnectWise

The Unified ConnectWise Platform offers intelligent software and expert services to easily run your business, deliver your services, secure your clients, and build your staff.

Hunton Andrews Kurth

Hunton Andrews Kurth

Hunton Andrews Kurth LLP serves clients across a broad range of complex transactional, litigation and regulatory matters. Practice areas include Privacy and Cybersecurity.

Rayzone Group

Rayzone Group

Rayzone Group offers a wide range of Cyber Security solutions and services, providing hollistic protection suitable for both enterprises and National cyber security centers.

CodeHunter

CodeHunter

CodeHunter is a malware hunting SaaS platform designed to detect all variations of malware, known and unknown, without the need for source code or signatures.

RecoLabs (Reco)

RecoLabs (Reco)

Reco empowers organizations to discover their SaaS applications, identities, and data, control access and prevent the risk of exposure.

Cyberani Solutions

Cyberani Solutions

Cyberani Solutions was created to fulfill the cybersecurity needs of industry and government in Saudi Arabia, and across the Middle East and North Africa regions.

US Department of State - Bureau of Cyberspace & Digital Policy

US Department of State - Bureau of Cyberspace & Digital Policy

The Bureau of Cyberspace and Digital Policy leads and coordinates the Department’s work on cyberspace and digital diplomacy to encourage responsible state behavior in cyberspace.

Filigran

Filigran

Filigran provides threat intelligence, adversary simulation and crisis response open solutions to thousands of cybersecurity and crisis management teams across the world.

Intertec Systems

Intertec Systems

Intertec Systems is an award-winning, global IT solutions and services provider that specializes in digital transformation, cybersecurity, sustainability, and cloud services.

Token

Token

Token is changing the way our customers secure their organizations by providing passwordless, biometric, multifactor authentication.

Gathid

Gathid

Gathid is a unique and versatile identity governance platform providing organizations with the ability to model, explore, audit, and track complex access-related scenarios.