Nearly 30% of ransomware attacks worldwide launched by the world’s largest ransomware gang, Conti, targeted the manufacturing industry, according to recent findings by Akamai Technologies.
The business services and retail industries were the next most frequently targeted at 13.37% and 11.14%, respectively.
“Manufacturing is one of Asia Pacific’s most valuable industries – it is estimated that the region can generate up to $600 billion a year in additional manufacturing output by 2030,” said Dean Houari, Akamai director of security technology and strategy in Asia-Pacific including Japan.
“Attackers remain financially motivated, and the manufacturing industry presents a prime target for ransomware attacks, since they cannot afford downtime and disruption especially when long supply chains depend on parts or products,” said Houari. “Very often, manufacturers end up paying the ransom to reduce disruption to operations or the delivery of products to customers.”
Akamai’s findings are based on research into Conti, one of the world’s most prolific Ransomware-as-a-Service (RaaS) providers. Gangs like Conti have been leveraging the industry’s rapid digitalization for their benefit.
In providing RaaS, these gangs make their most effective tactics, techniques, and procedures (TTPs) available by selling them to other hackers.
In the context of manufacturing, attacks can have far-reaching consequences, including supply chain disruptions. When disruptions happen in critical industries such as pharmaceuticals, food and beverage, transportation and even medical devices, the impact on the lives of citizens can be significant and long-term.
The ransomware attack on Brazil-based JBS, the largest meat producer globally, is an example that demonstrates the far-reaching impact of attacks on manufacturers. In the JBS case, attackers were able to forcibly shut down all its US beef plants, effectively stopping the production of a quarter of American meat supplies.
Akamai lists three steps to secure manufacturing businesses from ransomware attacks. The first is adopting software-defined micro-segmentation.
Manufacturers should start with a flat, underlying network and then apply a software-defined overlay that can work consistently across all of their environments and technologies. This will shrink the attack surface by breaking their network into small segments.
Second is to create a detailed response plan. All manufacturers are now a target for advanced persistent threats (APT). As such, they should preemptively create and plan breach mitigation policies to reduce response time once malware is detected, in the event that a persistent attacker gets in.
More importantly, plans should also be created for the recovery process — consider which applications and sections need to come back online first and create policies accordingly to keep them secure while the rest of the network is restored.
Third is to protect the crown jewels and their backups. Manufacturers should ring-fence their critical applications or crown jewel servers and their backups. This will ensure that attackers do not gain additional leverage and will keep critical systems and business operations from coming to a halt.