A recent report shows that ransomware attacks were up 25 percent across all industries in Q1 of this year. No industry was safe but the manufacturing industry was shown to be the most at risk, with an increase in ransomware attacks of 156 percent. Not only are cyberattacks on manufacturers and fabricators skyrocketing but the costs of dealing with the fallout is also increasing, as the average ransomware payments are up 33 percent. The damage to manufacturers is not just the cost of a potential ransom but also the potential shut down in production, with the average business shut down for an average of two weeks after a cyber incident.
The data may be startling to those in the manufacturing industry as most companies do not disclose when they have suffered a ransomware attack. In fact, Honda recently was forced to admit that it had to close factories in Ohio and put some of its manufacturing on hold after cybersecurity researchers found evidence of ransomware that was customized based on the Snake family to lock internal Honda networks. Honda last reported that several of its plants in Ohio were still offline and tweeted that Honda Customer Service and Honda Financial Services were unavailable on June 8th. Yesterday, Honda tweeted that both services were now up and running, two weeks later.
As hackers have started to move away from selling stolen data and towards holding data ransom, manufacturers have become popular targets because few can afford being shut down for extended periods. Bad actors use malware delivered through phishing attacks that take control and shut down manufacturing equipment unless they are paid a ransom. Ransomware can spread quickly in manufacturing plants since the industry has been quick to embrace interconnected devices.
Manufacturers and fabricators that are unable to produce end up causing disruptions up and down the supply chain. Shutdowns due to Coronavirus are damaging enough but may be understandable to clients and partners. Shutdowns due to ransomware on the other hand may be inexcusable, especially if the attack was preventable.
Overall, as the pandemic has unfolded, hackers have shifted their tactics and focus. All employees working from home, not just in manufacturing, present exploitable openings to bad actors unless proper precautions are taken. Reports show that more than half of organizations polled transitioned to remote work during quarantine having never allowed for regular remote work previously.
While remote work may be a novelty to most businesses, for hackers it means more opportunity. Cyber attackers know that there are employees of targeted entities who are working from personal computers that do not have the technical protections normally enjoyed in the workplace. Home networks also rarely have the managed endpoint protections or regular patches that are necessary to continuously keep data safe. Even organizations that have strong cyber policies in place, often have not designed these policies for distributed environments.
While the malware used to lock down systems and networks may be difficult to defeat, preventing malware from entering a network is usually as simple as looking out for suspicious emails.
Phishing attacks continue to be the most popular cyberattack tool. Phishing attacks are nothing more than deceptive emails that trick recipients into taking an action that exposes their network. A popular tactic among hackers during quarantine has been to send emails where the sender poses as a government official reaching out regarding Covid-19. The message will create a sense of urgency asking the recipient to take an action such as revealing protected information, downloading an infected document or following a link to a malicious site.
The vast majority of ransomware malware is delivered in this way. Protecting your company from being another statistic starts with educating your employees on taking proper precautions. If you are unsure about your cybersecurity protections, reach out to Alliant Cybersecurity for a gratis impact assessment and find out where you are most vulnerable.