The cyber risk facing the manufacturing sector is likely greater at this point than ever before. Cybercriminals have demonstrably pivoted towards targeting manufacturing sector companies, likely after recognizing the sensitivity of manufacturing towards extended outages. This observation has been confirmed by our analysis of ransomware activity in 2021 and 2022. There is also an ever-present threat from nation-state attackers, looking to access intellectual property held by manufacturing companies and exploit the relationship between vendors to move laterally. The following blog details why manufacturing is such an attractive target.
Since the turn of the industrial revolution, the global economy’s health has inherently been linked to manufacturing; innovation and financial growth can only be achieved with a consistent and robust manufacturing output. Productivity growth in other sectors of the economy is also a result of innovations in the manufacturing sector. For example, the food and beverages and farming sectors are inherently dependent on the continual output of chemicals, fertilizers, pesticides, and agricultural machinery.
One reason manufacturing could be identified as a sector to target is because of its inherent susceptibility to outages. Nowadays, the production of goods and products simply can’t happen without the consistency of IT processes; this has largely coincided with the adoption of digital transformation programs and smart technology that is designed to improve efficiency. However, with these improvements come some risks; if the lever gets pulled and production can’t continue, manufacturing ceases to function. You could probably say that about a lot of sectors, but manufacturing, in particular, will significantly suffer from extended periods of downtime.
The manufacturing sector also contains partnerships with almost every other sector, including government, defense, healthcare, and technology. Those associations provide excellent opportunities for threat actors, such as the ability to access intellectual property (IP) and to move laterally into other networks of interest. We’ve previously reported on the motivations of People’s Republic of China (PRC)-linked threat groups, who are mostly concerned with the mass exfiltration of sensitive data to support China’s technological and economic ambitions. This is also relevant to Russian state-sponsored groups, many of whom will likely be tasked with identifying and stealing IP following the fallout of Russia’s invasion of Ukraine; one example of this fallout is the lack of smart weaponry being used by Russia in the conflict, due to the impact of Western sanctions on certain technological parts. If Russia can’t produce them on their own, and they can’t import them from the West, you can guarantee they’ll try and steal the IP for them.
It’s also possible that the manufacturing sector simply isn’t as resilient to cyber threats as others. This may be down to a lack of resources, a lack of understanding of the threats, or simply due to the nature of this business. This was emphasized by a recent report on cloud security that identified the scale of problems facing manufacturing companies when attempting to secure data.
While it’s only one example, my thoughts immediately went to the case of United Structures of America, a construction company that went under due to the impact caused by a ransomware attack. In the incident, the company couldn’t recover its files due to a lack of working backups (that hadn’t been tested), had no incident response or insurance, and so was forced to pay the attacker’s demands. The company was then hit by ransomware again, and unfortunately was forced to cease operations as a result of the incident. There’s an interview with the Wall Street Journal that emphasizes how quickly things went wrong for this company.
While we’re on the topic of ransomware, Digital Shadows (now ReliaQuest)’s analysis of ransomware activity, based on tracking postings on individual ransomware groups’ data leak sites, identified that manufacturing was the most commonly targeted sector in the last 6 months. Its total was also almost twice as large as that of the second most targeted sector. Similar results were also observed in 2021 and are likely to continue for the medium-term future (3-6 months). This can be seen in the graphic below, identifying the number of ransomware posts per sector for six months preceding 16 August 2022.
Without trying to teach everyone reading this to suck eggs, it’s almost certain that we’ll see similar or increased levels of activity from ransomware groups in the remainder of Q3 and Q4 2022. This will of course impact numerous sectors but in particular, those involved in manufacturing—largely for the reasons we’ve outlined above.
2022 has actually seen a decrease in the overall levels of ransomware activity, which is likely a result of global issues and geopolitics; yes, Ukraine and Russia, REvil arrests, we’re looking at you. If you’d like a more in-depth look at the ransomware landscape, including predictions on how the activity will accelerate in Q3 and Q4 2022, check out our recent quarterly blog.
Our recent research report identified the significant risk associated with account takeover (ATO) and stolen credentials. The use of ATO permits a huge percentage of cybercrime, with over 50% of incidents reportedly resulting from the acquisition and exploitation of stolen credentials. This is a problem that has persisted for many years, despite the advancements of controls and the use of password managers, two-factor authentication, and improving password complexity requirements. This problem has coincided with a rise in activity from initial access brokers, who act as cybercriminal middlemen in establishing and selling exploited accesses into various networks, and who, of course, also go hand in hand with ransomware groups.
This is another cross-sector problem but one that is likely to be particularly prevalent in manufacturing. One of the reasons for this is the prevalence of companies being forced to adapt for remote workers, which has been prioritized following the COVID-19 pandemic and as a natural consequence of digitization. Pressure to move to remote work has resulted in an increased attack surface, which, if it coincides with insufficient identity management, can present a significant risk; the example we provided earlier with United Structures of America reportedly resulted from the compromise of an administrator’s privileged account, which had a particularly weak password.
The manufacturing sector is also a high priority for nation-state-associated threat groups, who likely recognize the opportunities for lateral movement and supply chain compromise. There is also the possibility of retaliatory attacks being conducted against manufacturing companies in response to sanctions or other geopolitical events.
Nation-state attackers are by nature extremely sophisticated and operate with varying motivations. The impact that can be caused by such groups is, therefore, less predictable than that caused by cybercriminals; e.g., the goals of a PRC-related threat group may be to establish long-term persistence and exfiltrate intellectual property, while a Russian threat group may be more destructive. Of course, with manufacturing, destructive attacks can have physical consequences, which is why it’s as important as ever to keep attackers off your network.
Cyber resilience refers to an organization’s ability to continuously deliver its intended outcome, despite the prevalence of cyber attacks. As we detailed above, manufacturing is arguably one of the sectors most susceptible to extended outages, which, when combined with an often insufficient cyber security program, can present serious problems. While there’s a lot that can be mentioned here, three tips on how to strengthen your resilience to these various attackers can be seen below.
If you’re curious how intelligence can work for you, especially when it comes to your sector, assets, or digital footprint, you can take SearchLight (now ReliaQuest’s GreyMatter Digital Risk Protection) for a 7-day test drive and see what the bad guys are doing out there. If you have some particular needs or questions, chances are we understand your use case, so contact us for a demo of SearchLight.