Manufacturers Are the Top Target for Ransomware Attacks

Manufacturers are getting hit hardest by ransomware attacks. Even as attacks are down and responses to the attacks have improved, ransomware continues to be an issue in manufacturing.

IBM Security X-Force's annual X-Force Threat Intelligence Index this year shows that incidents declined 4% from 2021 to 2022, and defense efforts were more successful in detecting and preventing ransomware. Yet the 2023 report showed that manufacturing was the most extorted last year, and the most attacked for the 2nd consecutive year, accounting for about 1 in 4 attacks in 2022.

Manufacturers Can’t Stand Downtime

In manufacturing, there has long been a conflict between IT and OT teams. IT complains that OT has insufficient security. With OT, safety and availability are the prime concerns. “Lack of coordination between IT and OT teams can certainly make defending more difficult, but if we’re going to point the finger, it has to be at threat actors,” John Hendley, head of strategy at IBM Security X-Force, told Design News. “They have honed in on the fact that manufacturing as an industry has almost no tolerance for downtime. So when threat actors deploy ransomware or other disruptive malware, they have greatly increased leverage, which in turn can lead to faster payouts.”

Related:Can ML Hardware Really Detect Ransomware? Colonial Pipeline Says Yes

In recent years, OT networks at manufacturing plants have extended their reach to suppliers and customers. This can increase network exposure to attacks. “Limiting your attack surface is one of the most important initiatives for organizations that have significant OT infrastructure. But situations, where you must allow third parties access, is where zero trust principles can help create clarity for defenders,” said Hendley. “Most importantly, defenders need to assume that any third-party connections are already compromised. By starting from this ‘assume breach’ mentality, defenders can build security into the architecture of those connections to increase the time it takes threat actors to move throughout the environment, and increase the chances of detection before they reach their objective.”

Manufacturing organizations are an attractive target for extortion since they have an extremely low tolerance for downtime. According to the National Association of Manufacturers (NAM), ransomware attackers often target manufacturers by disabling their operations technology and blackmailing them into paying to restore the functionality of their systems. Manufacturers that cannot afford to have production halted by hacks often have no choice but to pay the hackers’ ransom. NAM noted that manufacturers need to take steps to modernize and secure their IT and OT systems to avoid attacks.

The Stats Behind the Attacks

IBM Security X-Force revealed the statistics: