The manufacturing sector, which the report says includes companies that make a wide variety of goods, from chemicals and machinery to transportation equipment and electronics, and Internet-of-Things (IoT) devices. It experienced 10 percent of the total attacks and incidents.

The 2018 IBM-sponsored Ponemon study on the cost of data breaches found industrial manufacturing was also the third-most likely sector to experience a data breach, the report said. As the majority of cyber incidents in the manufacturing sector do not involve customer information that is subject to legal disclosure regulations, the percentage of publicly disclosed events in this industry is low when compared with other sectors. The numbers are therefore likely to be higher than those reported.

New attack tactics may lead to damage to physical infrastructure

Most attacks on manufacturing companies appear to target intellectual property (IP) and trade secrets, the report said. Confidential business communications, such as executives’ email correspondence or company bank accounts are particularly lucrative targets for cybercriminals, nation-state groups, and even paid hackers hired by a competitor. This sector also absorbs business email compromise (BEC) attacks since manufacturers often wire substantial amounts of money to countries in Asia, Africa, and other developing regions.

While only a handful of incidents in the manufacturing sector have included attacks on industrial control systems or infrastructure, future trigger events or new attack tactics may lead to damage to physical infrastructure — and potentially human lives, the report said. At a time when organizations feel outmatched by nation-state hackers, the manufacturing sector must rethink the security of its operational zones and its preparedness to respond to potential attacks of this nature.

Another area listed separately in the top ten is the energy sector, which totaled six percent of attacks and incidents.

Organizations in the energy sector are a prime target for cyber-attacks. To begin, they are the backbone of every country’s critical infrastructure, the report said. Energy is central to the economic, national security, and day-to-day function of cities and industries.

Threat actors targeting this sector are most often deployed by hostile nation-states. Destructive Shamoon attacks affecting oil and gas organizations in Saudi Arabia and the United Arab Emirates (UAE) resurfaced in December 2018, highlighting the vulnerability of this industry and the detrimental effect of outages on operations and revenue, the report said. First emerging in 2012 and later in 2016 targeting oil and gas industry, Shamoon is a wiper malware designed to destroy computer hard drives by wiping the master boot record (MBR), making data irretrievable. Unlike ransomware, which holds the data hostage for a fee, Shamoon attacks cannot be reversed for a payment.

Hacktivists with a political agenda

Financially motivated cybercriminals may also attack energy companies if they believe they can monetize the attack quickly by stealing sensitive information and selling it to a competitor, or by targeting the company’s bank accounts, the report said.

Hacktivists with an environmental agenda or others attempting to make a political statement of some kind have also been part of the landscape of threat actors who attack the energy sector, the report said. They are likely to do so again.

An attack on the energy sector has a greater potential for subsequent outage and cascading effects on additional sectors when compared with attacks on other industries, since every enterprise, government, and military operation tends to rely on energy for its everyday function, the report said.

Source: ISS Source