Cyber criminals focus their attacks on the manufacturing sector

Critical Start has recently published its biannual Cyber Threat Intelligence Report, highlighting the top threat trends witnessed in the first half of 2024. This encompasses emerging cybersecurity threats affecting industries like manufacturing, technology, healthcare, engineering and construction, and professional services. Noteworthy discoveries from the report include:

  • Manufacturing emerges as the primary target industry for malicious actors, with 377 confirmed cases of ransomware and data leaks.
  • Technology witnesses a 12.75% decline in ransomware attacks and data breaches.
  • Healthcare and life sciences experience a 180% surge in ransomware and data exposure incidents in February 2024 compared to February 2023.
  • Engineering and construction encounters a 46.15% uptick in cyber attacks.
  • Professional services observe a 15% rise in ransomware attacks and data breaches.

Security leaders provide insights

Darren Guccione, CEO and Co-Founder at Keeper Security:

“The increasing adoption of digital technologies in sectors like manufacturing and construction has led to the integration of Information Technology (IT) and Operational Technology (OT) systems in many organizations. While enhancing efficiency, this transition exposes organizations to heightened cybersecurity risks. To mitigate these risks, maintaining network segmentation and a clear separation between IT and OT networks is crucial. This separation reduces the attack surface, safeguards infrastructure, and ensures business continuity by preventing IT breaches from disrupting essential OT processes like operational controls and safety systems.

“To better prepare for future attacks, organizations should focus on fostering resilience through a zero-trust security model that restricts access based on stringent verification protocols, and by enforcing the principle of least-privilege access. Moreover, integrating real-time threat intelligence and continuous monitoring could help identify vulnerabilities and potential threats before they escalate into major incidents. Another critical lesson is the significance of maintaining robust backup and recovery protocols. In the event of a ransomware attack, having isolated and regularly updated backups can make the difference between swift recovery and extended operational downtime.”

Stephen Kowski, Field CTO at SlashNext Email Security+:

“I anticipate a continued increase in breaches and ransomware attacks throughout the remainder of 2024, particularly targeting healthcare, critical infrastructure, and supply chains. Recent high-profile incidents in these sectors underscore the ongoing vulnerabilities. To combat this, organizations must prioritize bolstering email security, implementing zero-trust architectures, and improving threat detection and response capabilities.

“The manufacturing and construction sectors should prioritize securing operational technology networks and implementing zero-trust architectures. Organizations should deploy AI-driven anomaly detection to identify unusual patterns in industrial control systems. Additionally, they should establish comprehensive email and collaboration security measures to prevent phishing and social engineering attacks on employees. Implementing behavioral analytics and machine learning to uncover subtle indicators of compromise is also crucial. Lastly, organizations should routinely test incident response plans and conduct tabletop exercises to prepare for large-scale attacks on critical systems.

“As we approach 2025, major ransomware trends are likely to feature more targeted attacks on critical infrastructure, increased usage of AI for evasion, and expansion of double extortion tactics. Security teams should be ready by implementing adaptive AI defenses, focusing on safeguarding sensitive data, and enhancing resilience through robust backup and recovery processes.”

Marcus Fowler, CEO of Darktrace Federal:

“Due to the diverse range of devices and unique protocols often used in industrial control systems, many critical infrastructure organizations struggle to accurately catalogue all their assets. It is imperative that organizations have visibility into all their assets, not just those deemed critical—since you cannot protect what you cannot see. This becomes especially crucial as adversaries increasingly utilize multi-stage and multi-domain attacks, capitalizing on a lack of visibility and isolated systems to move undetected across networks.

“Sophisticated cyber-attacks, enabled by AI and automation, as well as offensive tools offered as-a-service, are outpacing current incident preparedness, response, and management processes. Security teams often rely on outdated response strategies—such as static pre-defined playbooks and tabletop exercises—that fall short in providing effective and comprehensive situational awareness and recovery. Incident response playbooks are frequently created in isolation, following a one-size-fits-all format for generic attack scenarios—for instance, having one for ransomware and another for DDoS attacks, etc. While these playbooks may meet compliance requirements, their effectiveness during a real-life incident is limited as actual attacks rarely align with the static parameters outlined in a playbook.

“Organizations must prioritize the collaborative integration of security solutions across incident response programs and can leverage AI and machine learning to automate incident response. The influx of data pertaining to ongoing incidents that security teams and incident response teams must analyze can be immense. By automating this analysis, the process of identifying and prioritizing ongoing incidents becomes more efficient—liberating valuable resources. Setting up automation ensures that only pertinent events trigger alerts, ensuring potentially malicious activities are not overlooked. AI-enhanced tools can also expedite reporting capabilities by generating reports during and following an incident, freeing security teams to focus on essential remediation tasks.

“It is paramount that organizations practice and simulate incident response plans in real-time within their unique environments to optimize procedures and certify key personnel are prepared. Without testing a plan, any existing gaps remain unknown and unaddressed—until an actual incident unfolds.”

Copyright © TSP 2024. All rights reserved. Designed by Enovate LLC