Q3 Cyber Threat Report: The Ransomware Ecosystem is Increasingly Distributed
Ransomware attacks remained high in Q3 2024 thanks to the RansomHub, PLAY, and LockBit 3.0 ransomware gangs. Check out the full cyber report for more info.
The frequency of ransomware attacks on the manufacturing industry increased by a whopping 1177% between Q1 2021 and Q1 2023, based on data from Corvus’s Threat Intel team. And the payouts were exorbitant. In 2022, according to Sophos, those who paid a ransom faced the highest average cost of all sectors, at an average of $2,036,189. In short, threat actors continue to put manufacturers' necks on the production line.
This post will spotlight why manufacturers are especially vulnerable and what they face today based on data from our Threat Intel findings. We’ll also look at what manufacturers are doing right and how they can further mitigate cyber risks.
Compared to other industries, manufacturers have lagged in adopting software and technology. Saddled with outdated and expensive-to-overhaul legacy systems, manufacturers failed to keep up with tech advancements, creating incompatibilities with digital solutions and inhibiting much-needed vulnerability patches.
Enter IoT: after an increasing push for efficiency and competitive advantage, manufacturers ushered in a new era of "smart factories." While artificial intelligence and cloud computing are relatively new in this sector, three-quarters of large manufacturers have incorporated IoT devices into their production lines.
IoT connectivity reduces downtime and delivers data to optimize performance, but it also significantly expands the surface area for attacks. And rapid digitization leaves room for error, especially if security controls are lacking.
Today, manufacturing remains a key target for cybercriminals. In 2021, ransomware gangs targeted manufacturers more than any other sector. A year later, manufacturers retained the crown as the most-targeted sector — even as ransomware attacks slowed overall.
In targeting manufacturers, cybercriminals rely on the consequences of havoc and downtime to garner massive payouts. One successful breach can halt or delay an entire global supply chain and have far-reaching consequences. To see how this can play out for a manufacturer, let’s look at how similar technologies were exploited at Colonial Pipeline in May 2021. The 5,500-mile pipeline provides nearly half of the East Coast's fuel supply, making the hack the largest publicly disclosed cyberattack on critical infrastructure in the U.S.
The attackers stole 100 gigabytes of data within a two-hour window via an exposed password to their VPN — a major crisis that could have been avoided with stronger security controls, like MFA. Following the data theft, the attackers infected the Colonial Pipeline IT network with ransomware that affected many computer systems, including billing and accounting. Colonial Pipeline shut down the pipeline to prevent the ransomware from spreading.
Had threat actors been able to access operational technology, the breach may have been even more devastating. Still, the Colonial Pipeline attack sent a clear message to manufacturers: strengthen your defenses and adequately segment systems as you digitize.
But manufacturers suffer from more than just a lack of security controls. Vulnerability management has been the sector’s Achilles Heel — with 47% of attacks originating from unpatched vulnerabilities. While this is a fundamental issue for organizations stuck with legacy systems they can’t patch, even technologically advanced manufacturers often fall behind on their vulnerability management.
This issue is particularly important to note, as recent trends in Corvus claims data suggests that the exploit of external vulnerabilities will be the leading method of entry for ransomware actors in 2024.
Adding to the challenge, threat actors know the high stakes of an attack. In fact, they count on it. For manufacturers, there's a low tolerance for downtime, increasing digital touchpoints with third parties, and a larger surface area to infiltrate. And the threat is only heating up.
On the bright side, manufacturers have responded to the rise in attacks — and are fighting off cybercriminals — by implementing more robust security controls. According to Sophos:
70% of manufacturers have implemented new cybersecurity technologies and services, the highest across all industries
63% have increased cyber awareness training and education activities. Again, the highest across all industries
59% have changed processes and behaviors
Even as the manufacturing industry improves at detecting and preventing cyberattacks, threat actors will continue to innovate. That’s why, at Corvus, we want to partner with manufacturers to help manage the risks they face. Our underwriters have the necessary cyber expertise and real-time data insights to meet the manufacturing sector’s needs.
Better yet, it’s now easier than ever for manufacturers to put an experienced, committed cyber insurance partner at the top of their bill of materials. Learn more about the broad policy language, competitive terms, and endorsements we offer with manufacturers in mind.