Industrial Companies At Risk As Attacks Double
Extensive analysis of cyber threats in 2020 reveals a 91% jump in attacks on industrial companies and a 54% rise in malware-related attacks compared to 2019, according to the enterprise security experts at Positive Technologies.
Industrial manufacturing is becoming increasingly digitised as the industry is adopting automation, to a greater extent than ever before. The Industrial Internet of Things (IIoT) is bringing artificial intelligence, cloud computing and robotics into factories.
Cyber-physical systems can now integrate all aspects of the supply chain, including operational systems and information systems, and are taking the place of outdated, siloed machines.Any factory making use of these new technologies is known as a Smart Factory, and they’re prompting what experts are calling the Fourth Industrial Revolution, or Industry 4.0. Smart Factories will help the manufacturing industry considerably, as digital technology can offer greater efficiency in the production stage, better quality products with fewer mistakes, and more flexibility for working processes.
Positive Technologies found that external attackers can penetrate the corporate network in all these organisations, and once inside, can obtain user credentials and complete control over the infrastructure in 100% of cases. In over two-thirds (69%) of these cases, external attackers can steal sensitive data from the organisation, including information about partners and company employees and internal documentation.
“Industrial companies attract criminals by their size, the importance of business processes, and their impact on the world and people's lives... The mission of information security experts is to make sure that industrial accidents do not become a regular occurrence. To do this, it is necessary to identify unacceptable events and achieve a level of information security that will prevent such events from happening as a result of a cyberattack, “ says the Report.
In addition, penetration testers from Positive Technologies gained access to the technological segment of the network of 75% of organisations. This then enabled them to access Industrial Control Systems (ICS) in 56% of cases.
Once malicious actors gain access to ICS components, they have the opportunity to cause severe damage and even fatalities, this includes shutting down entire productions, causing equipment to fail and triggering industrial accidents.
Positive Technologies said there is a range of factors that are making these organisations vulnerable to hackers. For example, during recent pilot projects, its experts uncovered numerous suspicious events in the internal network of each industrial company.
In one case, Positive Technologies researchers registered a Remote Desktop Protocol (RDP) connection to an external cloud storage, enabling 23 GB of data to be transferred to the address of this storage via RDP and HTTPS.
Researchers also noted that industrial companies often use outdated software and commonly save connection parameters, such as username and password, in a remote access authentication form, allowing attackers to connect to the resources of an isolated segment without credentials when they obtain control over such a computer. “The industrial sector has become increasingly attractive to hackers in recent years. Attacks are getting more successful and their scenarios more complex. On the other hand, companies often cannot detect a targeted cyber attack on their own.”
“More than anywhere else, the protection of the industrial sector requires modelling of critical systems to test their parameters, verify the feasibility of business risks, and look for vulnerabilities, ” says the Report.
Positive Technologies: Infosecurity Magazine: Swivel Secure SDC Exec:
You Might Also Read: