Manufacturing businesses are seeing higher-than-normal rates of cyberattack-related reconnaissance and lateral movement activity.
This is due to the convergence of IT with IoT devices and Industry 4.0 initiatives, according to a new report from AI-powered attack detection specialists Vectra
"The disconnectedness of Industry 4.0-driven operations, such as those that involve industrial control systems, along with the escalating deployment of industrial internet-of-things (IIoT) devices, has created a massive, attack surface for cybercriminals to exploit," says Chris Morales,head of security analytics at Vectra.
State
affiliated attackers accounted for 53 percent of attacks on manufacturing,according to the 2018 Verizon Data Breach Industry report. The most common types of data stolen were personal (32 percent), secrets (30 percent) and credentials (24 percent).
Analysis of data from Vectra’s Cognito threat detection and hunting platform shows a much higher volume of malicious internal behaviours in manufacturing, which is a strong indicator that attackers are already inside the network. There is also an unusually high volume of reconnaissance behaviour, which indicates that attackers are mapping out manufacturing networks in search of critical assets. A high level of lateral movement is another strong indicator that the attack is proliferating inside the network.
The study shows a growth in data smuggling — where an internal host device controlled by an outside attacker acquires a large amount of data from one or more internal servers and then sends a payload to an external system — between January and June too.