Industrial Companies At Risk As Attacks Double

Uploaded on 2021-09-17 in FREE TO VIEW, BUSINESS-Production-Manufacturing, TECHNOLOGY-Key Areas-Internet of Things

Extensive analysis of cyber threats in 2020 reveals a 91% jump in attacks on industrial companies and a 54% rise in malware-related attacks compared to 2019, according to the enterprise security experts at Positive Technologies.

Industrial manufacturing is becoming increasingly digitised as the industry is adopting automation, to a greater extent than ever before. The Industrial Internet of Things (IIoT) is bringing artificial intelligence, cloud computing and robotics into factories. 

Cyber-physical systems can now integrate all aspects of the supply chain, including operational systems and information systems, and are taking the place of outdated, siloed machines.Any factory making use of these new technologies is known as a Smart Factory, and they’re prompting what experts are calling the Fourth Industrial Revolution, or Industry 4.0.  Smart Factories will help the manufacturing industry considerably, as digital technology can offer greater efficiency in the production stage, better quality products with fewer mistakes, and more flexibility for working processes.

Positive Technologies found that external attackers can penetrate the corporate network in all these organisations, and once inside, can obtain user credentials and complete control over the infrastructure in 100% of cases. In over two-thirds (69%) of these cases, external attackers can steal sensitive data from the organisation, including information about partners and company employees and internal documentation.

“Industrial companies attract criminals by their size, the importance of business processes, and their impact on the world and people's lives... The mission of information security experts is to make sure that industrial accidents do not become a regular occurrence. To do this, it is necessary to identify unacceptable events and achieve a level of information security that will prevent such events from happening as a result of a cyberattack, “ says the Report.

In addition, penetration testers from Positive Technologies gained access to the technological segment of the network of 75% of organisations. This then enabled them to access Industrial Control Systems (ICS) in 56% of cases.

Once malicious actors gain access to ICS components, they have the opportunity to cause severe damage and even fatalities, this includes shutting down entire productions, causing equipment to fail and triggering industrial accidents.
Positive Technologies said there is a range of factors that are making these organisations vulnerable to hackers. For example, during recent pilot projects, its experts uncovered numerous suspicious events in the internal network of each industrial company. 

In one case, Positive Technologies researchers registered a Remote Desktop Protocol (RDP) connection to an external cloud storage, enabling 23 GB of data to be transferred to the address of this storage via RDP and HTTPS.

Researchers also noted that industrial companies often use outdated software and commonly save connection parameters, such as username and password, in a remote access authentication form, allowing attackers to connect to the resources of an isolated segment without credentials when they obtain control over such a computer.  “The industrial sector has become increasingly attractive to hackers in recent years. Attacks are getting more successful and their scenarios more complex. On the other hand, companies often cannot detect a targeted cyber attack on their own.” 

“More than anywhere else, the protection of the industrial sector requires modelling of critical systems to test their parameters, verify the feasibility of business risks, and look for vulnerabilities, ” says the Report.

Positive Technologies:        Infosecurity Magazine:     Swivel Secure     SDC Exec:

You Might Also Read:

Industrial Control System Security Is Overlooked:
 

« HCL & Dell Unite Against Ransomware
Australia’s Critical Infrastructure Is Under Constant Attack »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

BackupVault

BackupVault

BackupVault is a leading provider of completely automatic, fully encrypted online, cloud backup.

Technology Association of Georgia (TAG)

Technology Association of Georgia (TAG)

TAG's mission is to educate, promote, influence and unite Georgia's technology community to stimulate and enhance Georgia's tech-based economy.

Dispersive Networks

Dispersive Networks

Dispersive Virtual Network is a carrier-grade software-defined programmable network that is inspired by battlefield-proven wireless radio techniques.

GeoLang

GeoLang

GeoLang’s Ascema platform protects sensitive information at the content level by identifying, classifying and tracking data across the corporate infrastructure.

e-Crime Bureau

e-Crime Bureau

e-Crime Bureau is a specialized company offering cyber/computer forensics, cyber security consulting services, forensic audit and investigations services and training to clients across Africa.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Approach

Approach

Approach is a leading provider of cyber security consulting and secure application development services in Belgium.

IAR Systems

IAR Systems

IAR Systems are a frontrunner in a changing industry, and a future-proof software supplier enabling the IoT.

CloudVector

CloudVector

CloudVector's API Detection & Response platform is the only API Threat Protection solution that goes beyond the gateway to provide Shadow API Prevention and Deep API Risk Monitoring and Remediation.

Sigma IT

Sigma IT

SIGMA IT is one of the largest IT services organizations in EMEA region providing a full range of solutions and services including cybersecurity, data protection and business continuity.

Kainos

Kainos

Kainos is a leading provider of Digital Services and Platforms. Our services include Digital Transformation, Cyber Security, Cloud, AI, IoT and more.

Active Countermeasures

Active Countermeasures

Active Countermeasures believe in giving back to the security community. We do this through free training, thought leadership, and both open source and affordable commercial tools.

Revere Technologies

Revere Technologies

Revere Technologies is a pure-play cyber security solutions and services provider in Sub-Saharan Africa.

Xalient

Xalient

Xalient is an IT consulting and managed services business, specialising in modern, software-defined networking, security and communications technologies.

Buchanan Technologies

Buchanan Technologies

Buchanan Technologies is a leading IT consulting and outsourcing services firm. Our methodology transforms everyday technology investments into streamlined, secure and scalable solutions.

Paragon Cyber Solutions

Paragon Cyber Solutions

Paragon Cyber Solutions provides specialized security risk management and IT solutions to protect the integrity of your business operations.

Tryaq

Tryaq

Tryaq are a group of cybersecurity experts and enthusiasts who share the mission to make the world feel safer online.