Manufacturing Mayhem: Dragos Report Reveals Ransomware Rampage on Industry Giants

Attention Manufacturers: Ransomware is the new assembly line jammer! Last year, cyber crooks clocked in at your factories, causing 638 shutdowns. Digital dreams turned digital nightmares, as 70% of these cyber shakedowns targeted manufacturing—proof that an unguarded robot is a hacker’s best friend. Stay secure or pay the ransomware price!

Hot Take:

It seems like cybercriminals took Marie Kondo’s advice and decluttered their target list, sparking joy by focusing on the manufacturing industry. But unlike a tidy closet, the mess they’ve left behind in the form of ransomware attacks is anything but joyful. Manufacturers were all gung-ho about hopping on the digital transformation express, but must’ve missed the memo about the security baggage that should come with it. Now, they’re paying the price—literally.

Key Points:

  • 70% of ransomware infections in industrial organizations targeted manufacturers, with 638 entities across 33 subsectors affected.
  • Manufacturers went big on digital transformation but skimped on cybersecurity investments, making them easy pickings for cybercriminals.
  • Transportation is also struggling, with network defense woes, but manufacturing takes the lead in the struggle bus parade.
  • German control systems provider PSI Software got hit with ransomware, leading to a multi-week IT disruption.
  • A Mitsubishi Electric vulnerability and Oracle E-Business Suite flaws spotlight how enterprise IT products can become entry points for attacks on manufacturing.

CVE ID: CVE-2022-21587
CVE state: PUBLISHED
CVE assigner short name: oracle
CVE date updated: 03/01/2023
CVE description: Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks of this vulnerability can result in takeover of Oracle Web Applications Desktop Integrator. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Title: Microsoft Message Queuing Remote Code Execution Vulnerability
CVE ID: CVE-2023-21554
CVE state: PUBLISHED
CVE assigner short name: microsoft
CVE date updated: 12/14/2023
CVE description: Microsoft Message Queuing Remote Code Execution Vulnerability

CVE ID: CVE-2022-21589
CVE state: PUBLISHED
CVE assigner short name: oracle
CVE date updated: 10/28/2022
CVE description: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 5.7.39 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).

Need to know more?

Manufacturers Hit the Cyber Panic Button

Manufacturers, bless their cotton socks, jumped headfirst into the digital pool but forgot to check if there was water in it. Now they're dealing with the cyber equivalent of a belly flop as they become the belle of the ransomware ball. According to Dragos' 2023 report, manufacturing is the main attraction for ransomware fiestas, mostly because they forgot to send invites (and by invites, I mean adequate security measures) to their digital transformation parties.

Transportation's Security Roadblocks

Not to be outdone, the transportation sector is also putting on a good show, with 43% of organizations struggling to keep cyber intruders from doing the digital equivalent of hopping trains across their systems. But it's manufacturing that's still leading the struggle chart when it comes to segmentation woes, which is like trying to stop water from leaking without knowing where the holes are.

PSI's Ransomware Headache

PSI Software became the latest "I didn't sign up for this" story after a ransomware infection turned their Valentine's Day into an "It's complicated" relationship status with their IT systems. They're now in the throes of IT system restoration, which is probably about as fun as untangling a giant knot of cables, with no clear end in sight.

Manufacturing's IT Achilles' Heel

While everyone's worried about manufacturing and industrial control systems getting pummeled, it turns out that most cyber punches land in the traditional IT environment. It's like finding out the school bully is actually just stealing lunch money and not the actual lunches. But don't let that fool you, because when cybercriminals do hit the control systems, it's a buffet of chaos.

High Alert on Mitsubishi's Vulnerability

Meanwhile, a vulnerability in Mitsubishi Electric Machines is like leaving the door to the candy store unlocked. CISA's waving the red flag about this one, because if exploited, it could give attackers the keys to the kingdom. But hey, at least it's unlikely these machines are exposed to the public internet. Small mercies, right?

Laurionite's Laser Focus on Manufacturing

Last but not least, let's talk about LAURIONITE, a group with a taste for manufacturing systems. They've been exploiting Oracle E-Business Suite flaws to break in, look around, and steal data. While they haven't disrupted production lines or meddled with products, the potential for chaos is like a lit fuse waiting for a spark. Manufacturers, you might want to get on that.
