Cyber-attacks rose 24 per cent QoQ worldwide in Q2'17, with manufacturers a ‘key target'. NTT Security's Q2 Threat Intelligence Report, which showed the findings, is based on events identified across the company's global client base during the second quarter of the year.
34 per cent of all attacks that NTT tracked affected manufacturers, and these companies appear in the top three targets in five of the six global regions. The manager of NTT's Threat Intelligence Communication Team, Jon Heimerl, said that this should be "a red flag for CISOs across this market segment."
The manufacturing segment holds a vast quantity of IP, and deals with massive amounts of money: fractions of a market share can be millions or billions of dollars. On top of this, security is rarely a priority:
"Most manufacturing systems today were made to be productive - they were not made to be secure," said SVP of the National Center [sic] for Manufacturing Sciences Rebecca Taylor. "It isn't a matter of if they will be targeted, but when." NTT's report underlines Taylor's statement: funds are spent on upgrading systems for productivity, not cyber security - an increasing risk with as IoT and always-on connectivity come to the fore.
The greatest problem in these attacks is those that go undetected, when hackers are free to operate inside the network. 37 per cent of the manufacturers NTT surveyed said that they do not have an incident response plan in place.
"This is very concerning, as manufacturers' IT security liabilities often impact not just the manufacturing organisations, but suppliers, as well as related industries and consumers," said Heimerl.
Most malicious traffic in Q2 came from systems in two countries: not North Korea, or China, or Russia, but France and the Netherlands. In recent years the infrastructure in these countries has improved significantly, and threat actors are starting to migrate and exploit vulnerable servers in these regions.
France was responsible for 47 per cent of hostile attack traffic, and while the Netherlands came second, it was a long way behind. While the attacks have been tracked to these countries, they are associated with servers running proxy configurations; the implication is that the attackers, to no-one's surprise, are probably operating from other locations.
NTT tracked a wide mix of attack methods in Q2'17, including web application attacks; attacks enabling remote code execution; and phishing. Researchers also noticed an increase in reconnaissance attacks, which aim to identify vulnerabilities in networks - possibly indicating attack preparation during the coming months.
Leaks in the run-up to Samsung Galaxy Note 8 launch pretty much gave it all away
Sonos Play 1 speakers cost £180, but customers could suffer if they don't agree changes to privacy policies
US government 'cyber czar' admits briefing against Kaspersky, but doesn't offer any firm evidence
Acquisition deal may be reached before the end of the month