Cyber-attacks rose 24 per cent QoQ worldwide in Q2'17, with manufacturers a ‘key target'. NTT Security's Q2 Threat Intelligence Report, which showed the findings, is based on events identified across the company's global client base during the second quarter of the year.
34 per cent of all attacks that NTT tracked affected manufacturers, and these companies appear in the top three targets in five of the six global regions. The manager of NTT's Threat Intelligence Communication Team, Jon Heimerl, said that this should be "a red flag for CISOs across this market segment."
The manufacturing segment holds a vast quantity of IP, and deals with massive amounts of money: fractions of a market share can be millions or billions of dollars. On top of this, security is rarely a priority:
"Most manufacturing systems today were made to be productive - they were not made to be secure," said SVP of the National Center [sic] for Manufacturing Sciences Rebecca Taylor. "It isn't a matter of if they will be targeted, but when." NTT's report underlines Taylor's statement: funds are spent on upgrading systems for productivity, not cyber security - an increasing risk with as IoT and always-on connectivity come to the fore.
The greatest problem in these attacks is those that go undetected, when hackers are free to operate inside the network. 37 per cent of the manufacturers NTT surveyed said that they do not have an incident response plan in place.
"This is very concerning, as manufacturers' IT security liabilities often impact not just the manufacturing organisations, but suppliers, as well as related industries and consumers," said Heimerl.
Most malicious traffic in Q2 came from systems in two countries: not North Korea, or China, or Russia, but France and the Netherlands. In recent years the infrastructure in these countries has improved significantly, and threat actors are starting to migrate and exploit vulnerable servers in these regions.
France was responsible for 47 per cent of hostile attack traffic, and while the Netherlands came second, it was a long way behind. While the attacks have been tracked to these countries, they are associated with servers running proxy configurations; the implication is that the attackers, to no-one's surprise, are probably operating from other locations.
NTT tracked a wide mix of attack methods in Q2'17, including web application attacks; attacks enabling remote code execution; and phishing. Researchers also noticed an increase in reconnaissance attacks, which aim to identify vulnerabilities in networks - possibly indicating attack preparation during the coming months.
Kicking Palantir off of AWS is among their demands, too
Rafaela Vasquez was watching The Voice at the time of the crash, new evidence shows
PUBG price slashed on Steam after selling more than 50 million copies - as daily player numbers plunge
Use the same password for every website? It might be time to change them all