Cyberattacks against the manufacturing industry are increasing, as evidenced by the 15% increase in attacks in the third quarter of 2023 compared to 2022. With Industry 4.0, the fourth industrial revolution, underway, high-speed internet connectivity, the cloud, industrial internet of things (IIoT) devices, smart sensors, and other technological advances are increasingly prevalent. While these have provided major benefits, they also present cybersecurity risks in the manufacturing industry. To tackle the increased attack surface and fortify cybersecurity in manufacturing, organizations should deploy a user and entity behavior analysis (UEBA) solution as part of their security strategy.

Importance of cybersecurity in the manufacturing industry

Cybersecurity is crucial in the manufacturing industry due to the following reasons:

Operational continuity: The manufacturing industry increasingly relies on interconnected systems and automated processes. Cyberthreats can disrupt these operations, causing significant downtime, production delays, and financial losses. Ensuring robust cybersecurity helps maintain the integrity and reliability of production systems in manufacturing facilities and ensures operational continuity.

Supply chain security: The manufacturing industry relies on a complex network of suppliers, vendors, and partners to source raw materials, components, and services. A cyberattack on any part of this chain can result in cascading effects, disrupting the entire production process and impacting overall manufacturing operations. Implementing strong cybersecurity measures helps safeguard the supply chain from such disruptions and helps maintain business productivity.

Protection of intellectual property and other sensitive data: Manufacturers invest significant resources in R&D to innovate new products, processes, and technologies. Without adequate cybersecurity measures in place, intellectual property such as proprietary designs, formulas, and manufacturing methods is at risk of being stolen or compromised by cyberattackers. Moreover, manufacturers also handle other sensitive data, such as trade secrets, financial data, customer information, employee information, supplier details, and operational and strategic information. Attacks involving data breaches can result in financial losses, legal issues, reputational damage, and loss of competitive advantage for manufacturing companies.

Regulatory compliance: Manufacturers must comply with country-specific regulations regarding data protection and cybersecurity to avoid penalties and legal repercussions. Deploying a unified SIEM solution like ManageEngine Log360 can help manufacturers ensure compliance with standards such as the General Data Protection Regulation (GDPR).

Mitigation of cyber-physical risks: In the manufacturing sector, cyberattacks can have physical consequences, potentially endangering human lives. For instance, attackers targeting supervisory control and data acquisition (SCADA) and industrial control systems (ICS) can manipulate control parameters, leading to equipment malfunctions or damage. ICS attacks can also result in safety hazards, such as the targeting of a petrochemical company in an attempt to cause explosions, as witnessed in Saudi Arabia. Cybersecurity measures such as network segmentation, access controls, regular security assessments, and employee training are vital to prevent such scenarios and ensure the safety of workers and equipment.

Protection against cyberattacks: The manufacturing industry faces a myriad of cybersecurity risks, such as the use of legacy systems and equipment, cyber espionage, data breaches, ransomware attacks, phishing and social engineering attacks, insider threats, IoT vulnerabilities, and supply chain attacks. To ensure manufacturing security, organizations should deploy a UEBA-integrated SIEM solution like Log360, which can help them prevent and defend against such threats.

How to fortify cybersecurity in the manufacturing industry with UEBA

UEBA, the anomaly detection engine of modern SIEM solutions, is a crucial tool for detecting and thwarting cybersecurity threats in the manufacturing industry. It leverages advanced analytics and machine learning to provide deep insights into user and entity behavior.

UEBA continuously monitors the behavior of users and entities within the network to establish a baseline of expected activity. Any deviation from the norm will immediately trigger an alert to the security analyst, allowing prompt responses to potential cyberthreats. With its advanced analytics, UEBA recognizes subtle indicators of compromise that might evade traditional security measures. Spotting attack vectors early with UEBA reduces a manufacturing organization's mean time to detect and respond to security risks.

Moreover, UEBA extends its monitoring capabilities to ICS and other operational technology to prevent and thwart cyber-physical attacks. By identifying unusual commands or patterns in ICS, UEBA helps prevent potential sabotage or disruptions in manufacturing processes. By leveraging a SIEM solution with UEBA capabilities like Log360, manufacturing companies can strengthen their cybersecurity defenses, enhance their threat detection, and proactively mitigate risks to safeguard their critical assets and manufacturing operations.

Let's look at a few examples to better understand the role of UEBA in the manufacturing industry.

Examples of UEBA in the manufacturing industry

Cybersecurity solutions like UEBA can play a crucial role in the manufacturing industry as demonstrated by the examples below. These examples can also be considered as cybersecurity use cases in the manufacturing industry.

Thwarting watering hole attacks

Dr. Ryan Cooper is a product development scientist at Ecocog, one of the most prominent electric vehicle manufacturing companies in the world. Cooper regularly downloads design applications from vendor websites for research purposes.

Unbeknownst to Cooper, a hacker group called Red Panda has been trying to gain entry into Ecocog's network. After numerous failed attempts to penetrate the network through phishing attacks, Red Panda decides to utilize the watering hole technique, which involves infecting websites that the target frequently visits, to gain entry. To the group's delight, Cooper downloads industrial design software from a vendor's website compromised by Red Panda.

UEBA in manufacturing use case: Thwarting watering hole attacks targeting information about SCADA devices. Red Panda tries to steal information about Ecocog's SCADA devices.

The downloaded software contains malware that includes an open platform communication (OPC) scanning module and a remote access Trojan that works in tandem to relay information about the SCADA devices in the network to the hackers' command and control (C&C) server. Once the software is downloaded, the malware begins running in the background. The OPC scanner sends multiple queries to the remotely connected SCADA devices and creates numerous text files to store the returned values.

While Red Panda eagerly waited for the malware to send them information about the manufacturing units, the UEBA solution, which Ecocog had recently incorporated, detected pattern and count anomalies as the malware made multiple queries to the SCADA servers and created numerous text files in quick succession. Once the anomalies were detected, the risk score of Cooper's workstation spiked, alerting the IT administrators who quarantined the system before it could transmit information to the C&C server, once again successfully thwarting Red Panda's attempt to steal sensitive data.
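The count anomaly in this scenario can be sketched as follows. This is an added example, not code from Log360 or the original page: it compares per-minute counts of OPC queries and text file creations on one workstation against a median/MAD baseline. The sample counts, the threshold, and the additive risk score are constructed assumptions.

```python
from statistics import median

# Constructed per-minute event counts for one workstation (not real telemetry).
# Each entry: (opc_queries, text_files_created) in a one-minute window.
BASELINE = [(2, 0), (3, 1), (1, 0), (4, 1), (2, 0), (3, 0), (2, 1), (3, 1)]
OBSERVED = [(3, 1), (2, 0), (140, 55), (160, 61)]  # last two: scanner-like burst

FEATURES = ("opc_queries", "text_files_created")


def robust_stats(values):
    """Median and MAD: a baseline that a few past outliers cannot drag upward."""
    med = median(values)
    mad = median(abs(v - med) for v in values)
    return med, max(mad, 1.0)  # floor avoids divide-by-zero on flat baselines


def count_anomalies(baseline, observed, threshold=6.0):
    """Return (window_index, feature, score) for counts far above baseline."""
    stats = [robust_stats([row[i] for row in baseline])
             for i in range(len(FEATURES))]
    hits = []
    for idx, row in enumerate(observed):
        for i, name in enumerate(FEATURES):
            med, mad = stats[i]
            score = (row[i] - med) / (1.4826 * mad)  # modified z-score
            if score > threshold:
                hits.append((idx, name, round(score, 1)))
    return hits


def risk_score(hits, per_hit=20, cap=100):
    """Hypothetical additive risk score for the host, capped at 100."""
    return min(cap, per_hit * len(hits))


if __name__ == "__main__":
    found = count_anomalies(BASELINE, OBSERVED)
    for idx, name, score in found:
        print(f"window {idx}: {name} is {score} deviations above baseline")
    print("host risk score:", risk_score(found))
```

The median/MAD baseline is used instead of mean and standard deviation so that an earlier burst in the training data does not raise the threshold and hide the next one.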

Defending against Wiper attacks

Thomas Vegetable Oil Inc., a major player in the edible oil manufacturing industry, was in the news recently as it succumbed to a Wiper attack. In this attack, malware completely erased the master boot record of thousands of computers belonging to the network, bringing the company to a complete standstill. The hackers made their way into the industrial floor of the network by compromising the organization's connected gas leakage sensor using password spraying.

From the sensor, which is a peripheral device, they moved laterally into the network, gaining access to the central server to which the sensor routinely transmits data, and tactically planted the malware. Even though the company had all its data backed up, recovery proved to be time-consuming. Thomas Vegetable Oil Inc. incurred steep losses when the plant was shut down for the several days it took to recover from the attack.

UEBA in manufacturing use case: Defending against Wiper attacks. Thomas Vegetable Oil Inc. faces complete data loss due to the Wiper attack.

Such a catastrophe could have been prevented had Thomas Vegetable Oil Inc. had an efficient UEBA tool in place. UEBA is adept at monitoring not just the user accounts but also various IIoT devices that form a manufacturing company's ecosystem. By feeding the logs generated by fire and gas leakage sensors into a UEBA solution, pattern and count anomalies would have been spotted the moment hackers performed the password spray attack. Consequently, the risk score of the targeted entities would have gone up, notifying the IT administrators of a potential threat.
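One way to spot the password spray pattern in sensor authentication logs, as an added example that is not part of the original page or of any product: it flags a source that fails against many distinct usernames on one device within a short window. The log format, device name, addresses, and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed auth log lines for an IIoT sensor (format and values are assumptions).
LOGS = """\
2024-03-01T02:00:01 gas-sensor-07 auth=fail user=admin src=10.20.0.99
2024-03-01T02:00:07 gas-sensor-07 auth=fail user=operator src=10.20.0.99
2024-03-01T02:00:13 gas-sensor-07 auth=fail user=service src=10.20.0.99
2024-03-01T02:00:19 gas-sensor-07 auth=fail user=maint src=10.20.0.99
2024-03-01T02:00:25 gas-sensor-07 auth=fail user=root src=10.20.0.99
2024-03-01T08:14:02 gas-sensor-07 auth=fail user=jdoe src=10.20.0.15
2024-03-01T08:14:20 gas-sensor-07 auth=fail user=jdoe src=10.20.0.15
2024-03-01T08:14:41 gas-sensor-07 auth=ok user=jdoe src=10.20.0.15
"""


def parse(text):
    """Yield (timestamp, device, fields) from 'ts device key=value ...' lines."""
    for line in text.strip().splitlines():
        ts, device, *pairs = line.split()
        fields = dict(item.split("=", 1) for item in pairs)
        yield datetime.fromisoformat(ts), device, fields


def detect_spray(text, window=timedelta(minutes=5), min_users=5):
    """Map (src, device) -> most distinct failed usernames seen in any window."""
    fails = defaultdict(list)  # (src, device) -> [(time, user)]
    for ts, device, f in parse(text):
        if f.get("auth") == "fail":
            fails[(f["src"], device)].append((ts, f["user"]))
    alerts = {}
    for key, events in fails.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            users = {user for _, user in events[start:end + 1]}
            if len(users) >= min_users:
                alerts[key] = max(alerts.get(key, 0), len(users))
    return alerts


if __name__ == "__main__":
    for (src, device), n in detect_spray(LOGS).items():
        print(f"possible password spray: {src} -> {device}, {n} usernames")
```

Counting distinct usernames rather than total failures is what separates a spray from one user mistyping a password, as the `jdoe` lines show.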

Preventing cyber espionage and insider threats

Jeff Carter was a newly hired sales trainee at Quikseal. Quikseal is an adhesive manufacturing company that recently made waves by creating a biodegradable duct tape. Unknown to the recruiters, Carter's true intention in joining the organization was to steal information about the company's manufacturing technique. He won the trust of George Simon, a quality engineer, who has access to the production files. Carter kept a close eye on Simon and discovered his account password.

One day, Carter stayed after office hours and used his PC to sign in to Simon's account. He accessed several files to locate the documents that contained information about the duct tape. As he spotted the folder containing the information he wanted and was about to copy it to his USB stick, the organization's information security officer paid him a visit. Carter was unaware that Quikseal employed UEBA to monitor its network. The UEBA solution efficiently identified time and pattern anomalies, as it was unusual for Simon's account to be accessed after working hours and from a workstation other than his own. The risk scores of Simon's account and Carter's PC increased substantially, warning the IT administrators of a potential mishap.

UEBA in manufacturing use case: Preventing cyber espionage and insider threats. Carter was arrested for attempting to steal Quikseal's trade secrets.

While Carter was sentenced to prison for attempting to steal intellectual property, Simon was warned and received customized cybersecurity training on cyber hygiene and best practices to protect against account misuse.
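The time and pattern anomalies in the Quikseal scenario can be illustrated with a per-account profile of usual sign-in hours and workstations. This is an added example, not the page's or any product's code; the account names, host names, history, rarity threshold, and risk weights are all hypothetical.

```python
from collections import Counter

# Constructed sign-in history: (account, hour_of_day, workstation). Not real data.
HISTORY = (
    [("gsimon", h, "QE-WS-12") for h in (9, 10, 11, 13, 14, 16, 17)] * 4
    + [("jcarter", h, "SALES-WS-03") for h in (9, 10, 12, 15, 17)] * 4
)


def build_profiles(history):
    """Learn, per account, how often each hour and each workstation is used."""
    profiles = {}
    for account, hour, host in history:
        p = profiles.setdefault(account, {"hours": Counter(), "hosts": Counter()})
        p["hours"][hour] += 1
        p["hosts"][host] += 1
    return profiles


def score_signin(profiles, account, hour, host, rare=0.05):
    """Flag time/pattern anomalies and return risk increases per entity."""
    p = profiles[account]
    total = sum(p["hours"].values())
    time_anomaly = p["hours"][hour] / total < rare     # unusual hour for account
    pattern_anomaly = p["hosts"][host] / total < rare  # unusual workstation
    risk = 40 * time_anomaly + 40 * pattern_anomaly    # hypothetical weights
    if time_anomaly and pattern_anomaly:
        risk += 20  # both together is stronger evidence than either alone
    deltas = {f"account:{account}": risk}
    if pattern_anomaly:
        deltas[f"host:{host}"] = risk  # the workstation used is also at risk
    return {"time": time_anomaly, "pattern": pattern_anomaly, "risk": deltas}


if __name__ == "__main__":
    profiles = build_profiles(HISTORY)
    # Simon's account signed in at 20:00 from the sales trainee's workstation.
    print(score_signin(profiles, "gsimon", 20, "SALES-WS-03"))
    # A normal sign-in for comparison.
    print(score_signin(profiles, "gsimon", 10, "QE-WS-12"))
```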

Organizations in the manufacturing sector are no longer targeted by only individuals or groups of hackers for monetary or personal gains. With nations competing against one another, sophisticated, state-sponsored attacks have become all too real. The antagonists in scenarios like these may be far more dangerous than Red Panda or Jeff Carter, and the repercussions could be even more devastating as the state of a country's economy is significantly dependent on the state of its manufacturing sector.

Proactive cybersecurity measures like implementing a UEBA solution are a vital part of safeguarding the critical infrastructure of manufacturing units. ManageEngine Log360 is a comprehensive SIEM solution with integrated UEBA capabilities. By leveraging ML, threat intelligence, and other advanced analytics, Log360 can help organizations in the manufacturing sector detect and thwart both insider threats and external attacks. To learn more, sign up for a personalized demo and talk to our solution experts.

© 2021 Zoho Corporation Pvt. Ltd. All rights reserved.