Sponsored By

Manufacturers Are the Top Target for Ransomware Attacks

A new report from IBM Security reveals that manufacturers lead ransomware attacks for the second year.

Rob Spiegel

February 22, 2023

3 Min Read
2 GettyImages-654400107.jpg
Peter Dazeley for Getty Images

Manufacturers are getting hit hardest by ransomware attacks. Even as attacks are down and responses to the attacks have improved, ransomware continues to be an issue in manufacturing.

IBM Security X-Force's annual X-Force Threat Intelligence Index this year shows that incidents declined 4% from 2021 to 2022, and defense efforts were more successful in detecting and preventing ransomware. Yet the 2023 report showed that manufacturing was the most extorted last year, and the most attacked for the 2nd consecutive year, accounting for about 1 in 4 attacks in 2022.

Social TII Industry Trends Animation FINAL GIF.gif

Manufacturers Can’t Stand Downtime

In manufacturing, there has long been a conflict between IT and OT teams. IT complains that OT has insufficient security. With OT, safety and availability are the prime concerns. “Lack of coordination between IT and OT teams can certainly make defending more difficult, but if we’re going to point the finger, it has to be at threat actors,” John Hendley, head of strategy at IBM Security X-Force, told Design News. “They have honed in on the fact that manufacturing as an industry has almost no tolerance for downtime. So when threat actors deploy ransomware or other disruptive malware, they have greatly increased leverage, which in turn can lead to faster payouts.”

Related:Can ML Hardware Really Detect Ransomware? Colonial Pipeline Says Yes

In recent years, OT networks at manufacturing plants have extended their reach to suppliers and customers. This can increase network exposure to attacks. “Limiting your attack surface is one of the most important initiatives for organizations that have significant OT infrastructure. But situations, where you must allow third parties access, is where zero trust principles can help create clarity for defenders,” said Hendley. “Most importantly, defenders need to assume that any third-party connections are already compromised. By starting from this ‘assume breach’ mentality, defenders can build security into the architecture of those connections to increase the time it takes threat actors to move throughout the environment, and increase the chances of detection before they reach their objective.”

Manufacturing organizations are an attractive target for extortion since they have an extremely low tolerance for downtime. According to the National Association of Manufacturers (NAM), ransomware attackers often target manufacturers by disabling their operations technology and blackmailing them into paying to restore the functionality of their systems. Manufacturers that cannot afford to have production halted by hacks often have no choice but to pay the hackers’ ransom. NAM noted that manufacturers need to take steps to modernize and secure their IT and OT systems to avoid attacks.

The Stats Behind the Attacks

IBM Security X-Force revealed the statistics:

  • Manufacturers Hard-Hit by Extortion. At 27%, extortion was the #1 impact of cyberattacks in 2022, data theft followed closely behind at 19%. Of all industries, manufacturing was the most extorted last year, and the most attacked for the 2nd consecutive year, accounting for about 1 in 4 attacks in 2022. Ransomware and backdoor deployments together made up more than half of all incidents observed in 2022.

  • OT systems are low-hanging fruit for attackers. OT systems are often difficult or impossible to patch, making them highly susceptible to older threats, which cybercriminals are increasingly exploiting. Even with a drop in ICS vulnerabilities reported in 2022, vulnerability exploitation remained one of the top causes of cyberattacks on manufacturing in 2022.

  • Ransomware: Too Big to Fail.  Backdoor deployments were the top attacker action last year, and about 67% of those cases were failed ransomware attacks (where defenders were able to disrupt the backdoor before the ransomware was deployed). Even with improved defenses, the impact was minimal with ransomware’s share of incidents declining only 4 percentage points in 2022.


About the Author(s)

Rob Spiegel

Rob Spiegel has served as senior editor at Electronic News and Ecommerce Business, covering the electronics industry and Internet technology. He has served as a contributing editor at Automation World and Supply Chain Management Review. Rob has contributed to Design News for 10 years.

Sign up for the Design News Daily newsletter.

You May Also Like