CYBERSECURITY FOR MANUFACTURING
ACID Technologies provides manufacturing facilities with 24/7/365 dark web monitoring services, while also monitoring the deep web and multiple additional sources and platforms. When detecting a threat, ACID sends real-time, actionable alerts with all available information, to enable the facility to effectively respond to the threat and mitigate harmful impact on its operation, whether disruption / shutdown, ransom demand, data theft or other. Importantly, ACID’s cost-effective solution for manufacturers does not require a pause in the production process in order to install components, reconfigure systems, etc. On the contrary, it supports their continuous operation and helps protect them from incurring losses resulting from disruption and costly ransom payments.
What makes manufacturing facilities attractive to cybercriminals?
In its X-Force Threat Intelligence Index 2024, IBM identifies the manufacturing industry as the most attacked for the third year in a row. It is important to remember that an attack on a manufacturer does not always end there; it can also spread to additional organizations in the supply chain.
Manufacturing facilities are eager to avoid disruptions in order to fulfill orders on time and avoid losses impacting their bottom line and reputation; cybercriminals recognize this as contributing to their vulnerability. The perceived essentiality of uninterrupted production can come at the expense of system upgrades which are necessary to enhance the level of security, but which impact operation.
The outsourcing of many secondary business processes in the manufacturing industry is also a vulnerability. The companies executing these processes for the manufacturer often lack the necessary resources, or are reluctant to allocate them to maintaining the required level of cybersecurity.
Which modes of attacks are most frequent in the manufacturing industry?
Malware attacks, most often ransomware attacks, are responsible for the majority of cyber attacks directed at the manufacturing industry.
As cybercriminals continue to seek the easiest ways to gain access to their targeted organizations’ systems, they have recognized the effectiveness of malware, through which they can harvest credentials that can be used to log into enterprise environments and execute their attacks. In 2024, IBM reported a global increase of 71% in attacks perpetrated through the use of valid accounts in all industries (X-Force Threat Intelligence Index 2024); this trend is seen in the manufacturing sector as well.
The exploitation of generative AI by cybercriminals is expected to constitute a challenge in itself, as it is likely to help them single out vulnerable and potentially lucrative targets and increase their chances of success.
What are some of the recent attacks on manufacturers, which illustrate the extent of damage incurred?
- In January 2025, Hewlett Packard Enterprise (HPE) shared the following with BleepingComputer: “HPE became aware on January 16 of claims being made by a group called IntelBroker that it was in possession of information belonging to HPE.” IntelBroker announced the sale of the information it purportedly stole, claiming that it had gained access to HPE’s API, WePay, and (private and public) GitHub repositories for at least two days and stole certificates (private and public keys), Zerto and iLO source code, Docker builds, and old user personal information used for deliveries, as reported by BleepingComputer.
- In September 2024, Kawasaki Motors, the Japanese vehicle manufacturer, issued a statement revealing that its offices in Europe were recovering from a cyber attack that “resulted in the company’s servers being temporarily isolated until a strategic recovery plan was initiated later on the same day.” Although Kawasaki claimed that the attack was not successful, the group behind it, RansomHub, claimed that it had stolen 487 GB of data from the company.
- In August 2024, the US Securities and Exchange Commission (SEC) reported that US-based Microchip Technology was targeted in a ransomware attack. Some of the company’s business operations and servers were impacted and shut down in response. The attack left some of Microchip Technology’s manufacturing facilities operating at less than normal levels, and therefore unable to fully fulfill orders. The following month, the company confirmed that data, including personal information, were stolen from its systems.
- On March 30, 2024, Hoya Corporation of Japan, one of the world’s leading manufacturers of optical products, was at the receiving end of a ransomware attack perpetrated by the group Hunters International. The group demanded a ransom of $10 million to decrypt the 1.7 million files that it had stolen – amounting to 2 TB of data. The attack impacted the company’s labs around the world, leaving them unable to process orders. In a statement issued by the company on April 24, 2024, it wrote: “Our restoration process of Hoya Vision Care systems affected by the incident is substantially complete and the majority of affected labs are now open. We are, however, experiencing slight delays as we work through backlogs and hope to get back to our standard delivery schedule as soon as possible.”
- In the same month, another large German company was the victim of a cyber attack: Varta, the manufacturer of batteries for global automotive, industrial and consumer markets. In response, IT systems and production were temporarily shut down at the company’s five production sites – three in Germany itself, and also one in Indonesia and one in Romania.
- In February 2024, ThyssenKrupp Automotive Body Solutions, which is part of the mammoth international industrial and technology company based in Germany, was targeted in a ransomware attack. Although the attack was detected early, it forced the shutdown of production as part of the company’s cyber response actions, to prevent greater damage.
- In mid-2023, Clorox, which manufactures cleaning products, suffered a cyber attack, costing the company $356 million in damages. The impact on its IT infrastructure resulted in severe disruption of its production capabilities, forcing the company to begin processing orders manually and, as a result, leaving it incapable of fully meeting orders. The group behind the attack is believed to be Scattered Spider, whose members are thought to be between the ages of 17 and 22.
ACID’s solution can significantly improve the cybersecurity profile of the manufacturing industry, and potentially avoid disruption and shutdown of production facilities, as well as the theft of proprietary and sensitive data.
Cyber attacks like the ones detailed above do not occur in a vacuum; the perpetrators often leave signs indicating planning.
ACID deploys clusters of robots, implements sophisticated algorithms, injects avatars and uses crawlers imitating regular user activity to detect signs of impending attacks as early as their planning stage. It then sends real-time alerts to the targeted manufacturer, to enable it to respond and mitigate the impact of the attack, and possibly foil it altogether. Client-specific keywords are used, and the relevant language(s) are chosen for optimal monitoring results.
If there is no advance indication of an attack before it is launched, 24/7/365 dark web monitoring, as well as the monitoring of the deep web and numerous additional sources, enables the detection of an attack in progress, to prevent the threat from spreading and mitigate the damage. The detection of leaked data indicating that the organization’s systems have been breached is no less important, as it enables pinpointing and closing the security gap, stopping the attack, analyzing its results and preventing additional damage.