Move over Healthcare, Ransomware Has Manufacturing In Its Sights

Derek Manky, Global Security Strategist, Fortinet | June 10, 2016
Fortinet research conducted over the past several months shows that manufacturing is likely to be the next industry specifically targeted by ransomware.

This vendor-written piece has been edited by Executive Networks Media to eliminate product promotion, but readers should note it will likely favour the submitter's approach.

Everyone has heard how ransomware shut down the networks of several large healthcare providers this past year. To get their systems unlocked, these organizations paid huge ransoms to cybercriminals. Healthcare networks are notoriously vulnerable, and have been tagged by the media and security professionals as the preferred target for these sorts of attacks.

That may be about to change. Fortinet research conducted over the past several months shows that manufacturing is likely to be the next industry specifically targeted by ransomware. In our latest report we detail two specific trends that support this conclusion. The first is an alarming spike in custom ransomware attacks targeted at the manufacturing industry, and the second is the development of a new generation of ransomware that is especially devastating.

Between October 1, 2015 and April 30, 2016, Fortinet monitored and collated network traffic for 59 mid-sized to large manufacturers, spread out over 9 countries in key markets across the Americas, EMEA, and APAC. During those seven months, we recorded 8.63 million attempted attacks on those 59 manufacturers. And 78 percent of this malicious activity was targeted at large manufacturers with 1000 or more employees. That is a lot of attacks.

So, why is the manufacturing sector being targeted?

Today's manufacturing floors are highly automated, and often provide just-in-time inventory in order to prevent getting caught with warehouses full of products in the event of an economic downturn, which means there is a lot at stake in hitting delivery timetables. Disruptions at any point along the supply chain can have massive negative effects, resulting in missed shipments of material and products, lost man-hours, stalled production lines, and, in some cases where companies are reliant on legacy systems, a complete shutdown of their business. These compounded repercussions can cause losses in the millions of dollars.

While the majority of the attacks targeting manufacturers were the sorts of traditional malware and botnet variants you would expect to see, we also noticed something else. Nearly a third of these attacks (29 percent) were a new variant of a Trojan called Nemucod. This was particularly interesting because, over the past several months, Nemucod has dropped out of the top ten global threats lists across all industries EXCEPT for manufacturing, where its presence has spiked.

Nemucod is a well-established Trojan that has typically targeted financial data, for example by capturing an infected user's banking login information. It has traditionally propagated through email attachments that would download and install malware when the recipient clicked on an infected attachment.

Because Nemucod is an established piece of malware, security teams would not be surprised to see it or one of its variants on the list of threats targeting their organization. But what we discovered is that of the four different Nemucod variants that made the Top 10 list of malware attacks on manufacturers, three had advanced enhancements that no longer required a user to take an action, such as opening a compromised attachment, to get infected.

 
