Vectra has announced that the manufacturing industry exhibits higher-than-normal rates of cyberattack-related reconnaissance and lateral movement activity. This is due to the rapid convergence of enterprise information technology and operational technology networks in manufacturing organisations.
As part of key findings in the new 2018 Spotlight Report on Manufacturing, Vectra revealed that attackers who evade perimeter security can easily spy, spread and steal, unhindered by insufficient internal access controls.
The manufacturing industry has had a lower profile as cyberattacks against the retail, financial services and healthcare industries have made headlines. However, intellectual property theft and business disruption are primary reasons why manufacturers have become prime targets for cybercriminals.
“Recent reports about nation-state cyberattacks against U.S. utility control systems show that cybercriminals are intent on surreptitiously taking inventory of critical industrial assets and intellectual property to disrupt manufacturing business operations,” said Vikrant Gandhi, industry director at the analyst firm Frost and Sullivan.
Other key findings in the Spotlight Report on Manufacturing from Vectra include:
- A much higher volume of malicious internal behaviors, which is a strong indicator that attackers are already inside the network.
- An unusually high volume of reconnaissance behaviors, which is a strong indicator that attackers are mapping out manufacturing networks in search of critical assets.
- An abnormally high level of lateral movement, which is a strong indicator that the attack is proliferating inside the network.
“The increase in industrial IoT devices exponentially increases the attack surface for manufacturers,” said Jürg Affolter, CIO at Brugg Cables. “Implementing continuous monitoring of the internal network for attacker behaviors as well as additional access controls are important since an agent-based solution isn’t possible for industrial IoT devices.”
“The interconnectedness of Industry 4.0-driven operations, such as those that involve industrial control systems, along with the escalating deployment of industrial internet-of-things (IIoT) devices, has created a massive attack surface for cybercriminals to exploit,” said Chris Morales, head of security analytics at Vectra.
The 2018 Spotlight Report from Vectra is based on observations and data from the 2018 Black Hat Conference Edition of the Attacker Behavior Industry Report, which reveals attacker behaviors and trends in networks from over 250 opt-in enterprise organizations in manufacturing and eight other industries.
From January through June 2018, the Cognito threat-detection and hunting platform from Vectra monitored network traffic and collected metadata from more than four million devices and workloads from customer cloud, data center and enterprise environments. The analysis of this metadata provides a better understanding of attacker behaviors and trends as well as business risks, enabling Vectra customers to avoid catastrophic data breaches.
The Cognito platform from Vectra enables enterprises to automatically detect and hunt for cyberattacks in real time. Cognito uses AI to perform non-stop, automated threat hunting with always-learning behavioral models to quickly and efficiently find hidden and unknown attackers before they do damage. Cognito provides full visibility into cyberattacker behaviors from cloud and data center workloads to user and IoT devices, leaving attackers with nowhere to hide.
Cognito Detect and its AI counterpart, Cognito Recall, are the cornerstones of the Cognito platform. Cognito Detect automates the real-time detection of hidden attackers while giving Cognito Recall a logical starting point to perform AI-assisted threat hunting and conduct conclusive incident investigations.