The proliferation of industrial internet of things (IIoT) devices is reportedly at the root of the higher-than-normal rates of reconnaissance related to cyber-attacks and lateral movement activity in the manufacturing industry, according to a new report from Vectra.
The new 2018 Spotlight Report on Manufacturing analyzed attacker behaviors and network trends from more than 250 manufacturing enterprises that opted to be part of Vectra’s research. For six months, Vectra monitored network traffic, collecting metadata from customer cloud, data center and enterprise environments. Analysis of the metadata garnered from over 4 million devices and workloads revealed the ways in which the manufacturing industry is a prime target for attack.
Attackers who are able to bypass perimeter security gain network access, where they collect intel on their victims. The research revealed an unusually high volume of reconnaissance behavior, suggesting that attackers are mapping out manufacturing networks to locate critical assets.
Because the networks often have insufficient internal access controls, criminals are able to steal sensitive information with relative ease, the report found. Once attackers infiltrate the network, they spread the attack inside it, as evidenced by the finding of an abnormally high level of lateral movement.
Given that security controls can interrupt and isolate manufacturing systems, many manufacturers fail to invest in them. Instead, factories connect IIoT devices to flat, unpartitioned networks that have to communicate with general computing devices and enterprise applications, according to the report.
“In the past, manufacturers relied on more customized, proprietary protocols, which made mounting an attack more difficult for cybercriminals. The conversion from proprietary protocols to standard protocols makes it easier to infiltrate networks to spy, spread and steal,” the report stated.
According to Vectra, the effort to automate real-time data collection across integrated digital systems, IIoT devices and cloud computing resources in the manufacturing supply chain is known as Industry 4.0. Using IIoT devices to converge enterprise information technology with operational technology networks in manufacturing organizations has enabled not only intellectual property theft but also business disruption.
Said Chris Morales, head of security analytics at Vectra, “The interconnectedness of Industry 4.0-driven operations, such as those that involve industrial control systems, along with the escalating deployment of IIoT devices, has created a massive attack surface for cybercriminals to exploit.”