The Cyble Global Sensor Intelligence gauged threats and the risk scenario surrounding the manufacturing sector to bring forth groundbreaking insights to help strengthen its security.
The research was published under the title, Manufacturing Sectoral Report, July 2023, which presented exposure to industries that work along with the sector in several ways.
Manufacturing Sector Report: Addressing Security Threats
According to the Manufacturing Sectoral Report by Cyble, the sector suffered the highest number of ransomware attacks in May (47), followed by April (37), March (36), and June (33).
The critical manufacturing sector shoulders the herculean task of working in collaboration with several industries. These industries work in the handling of metals, machines, electrical equipment, transportation equipment, appliance, and many others.
One cyber attack on the manufacturing sector leads to the disruption of several services, creating a chain of attacks.
Safeguarding the manufacturing sector is of national importance as it is a vital part of the National economy, the Cyble report added.
Cyble Providing Threat Intelligence
Cyble noted that threat actors manipulate security gaps that make way for a successful breach of security.
The Cyble Global Sensor Intelligence (CGSI) for the manufacturing sector noticed loopholes in the security infrastructure that could be used by the industry to patch systems.
CGSI made the following revelations about the threat exposure of the industrial control system (ICS) –
- Modbus – The connecting medium for critical components suffered several attempts of attacks in June 2023. It was also claimed to be attacked by the cybercriminal group GhostSec.
- S7Comm – Used in large scale industries for data sharing was targeted extensively by cybercriminals in July this year with over 450 attempts.
- EtherNet/ IP – This protocol that enables information exchange between equipment, robots, tools etc., was found to be targeted with nearly 600 attempts of attacks in June this year.
Utilizing VNCs for Industrial Control Systems Access and Vulnerability Exploitation
Cyble researchers found instances on the dark web involving the trade of a list of IPs connected through Virtual Network Computing (VNC). They further uncovered within their findings a dark web vendor advertising easily accessible VNCs, openly providing a gateway to the SAW Control System.
With over 140% quarter-over-quarter increase in ransomware attacks on the manufacturing sector, it has become the need of the hour to resort to enhanced threat intelligence to protect the sector.
And not just the sector in terms of infrastructure, Cyble noted that threat exposes countless personnel involved in several critical tasks on the field.
Vulnerabilities were found to be a major cause of concern that exposed critical manufacturing sector assets mostly belonging to the United States to threat actors.
The US was followed by Italy, France, and Switzerland in terms of threats and ransomware attacks on the nations’ manufacturing sector.
The following is a list of vendors, products and vulnerabilities in systems impacting the manufacturing sector
- Advantech – R-SeeNet: versions 2.4.22 and prior, CVE-2023-2611
- Advantech – WebAccess/SCADA: All versions before 9.1.4, CVE-2023-1437
- Mitsubishi Electric Corporation – MELSEC Series CPU module, CVE-2023-1424
- Johnson Controls Inc. – OpenBlue Enterprise Manager Data Collector: Firmware versions before 3.2.5.75, CVE-2023-2024
- Teltonika – Teltonika’s Remote Management System version 4.14.0, CVE-2023-2586
- Rockwell Automation – Rockwell Automation Kinetix 5500 devices, CVE-2023-1834
- Industrial Control Links – ScadaFlex II SCADA Controllers, CVE-2022-25359
- Rockwell Automation – ThinManager ThinServer, CVE-2023-27855
- AVEVA – AVEVA Plant SCADA and AVEVA Telemetry Server, CVE-2023-1256
- Omron – CJ1M PLC, CVE-2023-0811
Various sectors face cyber threats, with the critical manufacturing industry standing out as a primary target. These attacks and threats to the critical manufacturing sector point towards the need to improve cybersecurity.
It is essential to opt for early threat detection that can prevent danger to the machinery, data, and lives. Besides threat intelligence, it is necessary that the staff are trained to detect and report incidents to reduce the scope of human error leading to successful cyber attacks.
Also, it is important to have adequate staff across the sector so information reaches the right person and appropriate measures are taken in time.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
