Ensuring robust cyber security for manufacturing is of utmost importance in today’s digital age. With the increasing reliance on technology, manufacturing companies are becoming more vulnerable to cyber attacks that can cause significant financial and reputational damage.
A new report by Toolbox.com (Researchers Uncover Major Watering Hole Campaign Targeting Multiple Sectors) has revealed an unidentified group of cybercriminals are targeting Canadian websites. Manufacturing, in particular, is being targeted by this attack. This is another reason for a focus on cyber security for manufacturing businesses throughout North America.
In this article, we will explore the key cyber security threats facing the manufacturing industry and provide practical tips on how to safeguard your business against these risks.
What is a Watering Hole Attack?
A watering hole attack gets its name from the real-life watering home. Predators lay in wait for their prey to come to a common location. In the IT space, these attacks occur when a popular public website is targeted by hackers. They can prove to be very dangerous as individuals, organizations and even entire industries can be targeted.
“The malware may be delivered and installed without the target realising (called a ‘drive by’ attack), but given the trust the target is likely to have in the watering hole site, it can also be a file that a user will consciously download without realising what it really contains.”
UK National Cyber Security Center
Cyber Attack against Canadian Manufacturing Uncovered by Black Lotus
The Black Lotus Labs security firm discovered the watering hole attack on Ukrainian websites and one Canadian target. It appears that this attack is by the same group that managed to successfully attack San Francisco International Airport’s website back in April 2020.
The main sectors that appear to be targeted are manufacturing, media, sport, investment banking, and the oil sector. So far the attackers remain unidentified. The attack succeeded to add malicious JavaScript code to the target websites. This JavaScript code “prompted the victims’ devices to send their New Technology LAN Manager (NTLM) hashes to an actor-controlled server using Server Message Block (SMB).”
Cyber security for manufacturing industry is a focus of Sabre IT Limited as we have found this industry segment runs behind the general business sector in protecting their IT infrastructure.
In more general terms, the attackers were able to gain information that let them access email credentials, general account usernames, and passwords, personal financial and banking information, and in some cases resources on the corporate network.
How to secure against this attack?
Unlike Phishing attacks, which are almost always delivered as either email or direct messages on services like Facebook Messenger, watering hole attacks might occur on a trusted website. It can be very hard to train users to identify and avoid these attacks.
There is no way for an average user to recognize a hacked website except with tools designed specifically to do just that. Here are some recommendations from Black Lotus Labs.
- Disable SMB-based communications outside your network.
- Disable SMB communication through your firewall
- Disable vulnerable software like Adobe Flash and Internet Explorer and ensure all browser software is patched to the most current level.
- Disable JavaScript on untrusted websites. If disabling is not an option, limit their use only to those websites that need it.
- Patch and update your operating system regularly. Do not run insecure software.
- Make sure you have a robust anti-virus system and ideally a whitelisting service that will identify untrusted websites.
- Monitor traffic from third-party, unknown, and suspicious sites. Monitoring unusual connections to your firewall from unexpected offshore sites can detect these bad actors.
Read our article on hardening cyber security for manufacturing and other businesses for even more detail on how to ensure you are prepared for the very likely possibility that you will be a target of these kinds of attacks.
Understanding the Latest Cybersecurity Threats to Control Systems in Manufacturing
As manufacturing companies increasingly rely on control systems to automate their operations, they also become more vulnerable to cyber threats. The Cybersecurity and Infrastructure Security Agency (CISA) has identified several emerging threats to control systems that manufacturing firms should be aware of.
One of the most concerning threats is ransomware, which has become a popular tool for cybercriminals to exploit vulnerabilities in control systems. In recent years, ransomware attacks have disrupted several manufacturing companies, causing significant financial losses and reputational damage.
Another threat is supply chain attacks, where cybercriminals compromise a third-party vendor or supplier to gain access to the manufacturer’s control systems. This attack vector has become more prevalent in recent years, and it can be challenging for manufacturers to identify and mitigate these risks effectively.
Additionally, CISA has observed an increase in spear-phishing attacks against employees and contractors who have access to control systems. These attacks use social engineering techniques to trick individuals into clicking on malicious links or providing sensitive information, allowing cybercriminals to gain unauthorized access to control systems.
Finally, CISA warns that manufacturers must be vigilant about the security of their remote access solutions, as cybercriminals can exploit vulnerabilities in these systems to gain access to control systems. Manufacturers must ensure that their remote access solutions are appropriately secured and monitored.
Protecting Sensitive Data in the Manufacturing Industry: Best Practices for Data Security
Manufacturing companies should implement a comprehensive data security policy that covers all aspects of data handling and protection. This policy should include guidelines for data access, storage, transfer, and disposal. It should also define roles and responsibilities for all employees involved in data handling and provide training on data security awareness and best practices.
Another critical aspect of data security in the manufacturing industry is network security. All manufacturing companies should have a robust network security system in place to protect against cyberattacks, such as firewalls, intrusion detection systems, and antivirus software. Additionally, regular security assessments and vulnerability testing should be conducted to identify and address any potential security gaps.
Manufacturing companies should also have a disaster recovery plan in place to quickly recover from data breaches or other security incidents. This plan should include regular data backups, off-site storage of backup data, and clear procedures for restoring data in case of a security breach.
By following these best practices for data security in the manufacturing industry, companies can better protect their sensitive data from cyberattacks and minimize the risk of financial and reputational damage.
Need Help?
We regularly see the results of cybercrime that is attempted and stopped (for our customers) and that got completely out of hand and resulted in tragedy (with new prospects we meet all the time).
Sabre IT has worked with hundreds of manufacturers. We have been providing IT services for over 20 years. We have worked with scores of industrial businesses; helping to ensure cyber security for manufacturing businesses. To learn more, read our comprehensive eBook titled Cyber Security Essentials for Manufacturers.
Call us at 226-336-6259 or contact us at itsales@sabrelimited.com today to learn more.
