While organizations in the manufacturing sector are moving toward the adoption of automation and IoT technologies, attackers are regularly targeting them through their widely exposed attack surface. Recently, several hacking groups have been observed carrying out targeted attacks on specific organizations, as well as opportunistic attacks against large numbers of targets.
A large number of organizations in the manufacturing sector have been specifically targeted by cyberattackers in the past few weeks. Among these attacks, ransomware has been the most prominent threat.
- French electronics manufacturing services company Asteelflash was targeted by the REvil ransomware gang, which demanded a $24 million ransom.
- YposKesi, the European Contract Development and Manufacturing Organization (CDMO), was targeted by Babuk ransomware.
- The Molson Coors Beverage Company suffered an attack by an unidentified ransomware.
- An unknown group of attackers was seen using the Hades ransomware variant to target a global manufacturing organization, a U.S.-based consumer products organization, and a transport and logistics company.
- Another French company, the pharmaceutical and skin cosmetics manufacturer Pierre Fabre group, halted its production due to an attack by an unidentified attacker.
In these attacks, threat actors were seen escalating privileges, moving laterally within the network, evading defenses, and exfiltrating data. Moreover, living-off-the-land is a common technique used by ransomware operators.
Several attackers were seen carrying out indiscriminate attacks against a massive number of devices exposed on the internet.
- A new variant of the Mirai malware was seen targeting network security devices manufactured by SonicWall, D-Link, Netgear, Netis, and Yealink by exploiting a large number of vulnerabilities in these devices.
- The U.S. Department of Justice seized five domains that attackers used to impersonate the official websites of several biotech companies and drug manufacturers (including Regeneron Pharmaceuticals) working on COVID-19 treatment.
- A group of attackers intruded into the live feeds of 150,000 surveillance cameras inside various organizations, including hospitals, companies, police departments, prisons, and schools. They managed to access a massive amount of security camera data from these organizations, including Tesla.
In these large-scale opportunistic attacks, attackers attempted to break into networks or devices by exploiting vulnerabilities.
The accelerated pace of modernization and the lack of adequate security have turned the manufacturing sector into a lucrative target for cyberattacks. To protect themselves from the ever-changing threat landscape, these organizations should upgrade their cybersecurity infrastructure at the same speed.