Hack­ers pur­sue fac­to­ries’ paral­y­sis

Ran­somware hits on rise for plants

Northwest Arkansas Democrat-Gazette - - BUSINESS & FARM - EMERY P. DALESIO

DURHAM, N.C. — The mal­ware en­tered the North Carolina transmission plant’s com­puter net­work via email last Au­gust, just as the crim­i­nals wanted, spread­ing like a virus and threat­en­ing to lock up the pro­duc­tion line un­til the com­pany paid a ran­som.

AW North Carolina stood to lose $270,000 in rev­enue, plus wages for idled em­ploy­ees, for ev­ery hour the fac­tory wasn’t ship­ping its cru­cial auto parts to nine Toy­ota car and truck plants across North Amer­ica, said John Peter­son, the plant’s in­for­ma­tion tech­nol­ogy man­ager.

The com­pany is just one of a grow­ing num­ber be­ing hit by cy­ber crim­i­nals look­ing for a pay­day.

While on­line thieves have long tar­geted banks for dig­i­tal holdups, to­day’s just-in­time man­u­fac­tur­ing sec­tor is climb­ing to­ward the top of hack­ers’ hit lists.

Pro­duc­tion lines that in­te­grate com­puter-imag­ing, bar-code scan­ners and the mea­sur­ing of tol­er­ances to a hair’s width at mul­ti­ple points are more vul­ner­a­ble to malev­o­lent out­siders.

“These peo­ple who try to hack into your net­work know you have a set sched­ule. And they know hours are mean­ing­ful to what you’re do­ing,” Peter­son said in an in­ter­view. “There’s only a day and a half of in­ven­tory in the en­tire sup­ply chain. And so if we don’t make our prod­uct in time, that means Toy­ota doesn’t make their prod­uct in time, which means they don’t have a car to sell on the lot that next day. It’s that tight.”

He said that cre­ates pres­sure on man­u­fac­tur­ers to make the crim­i­nals go away by pay­ing the sums de­manded.

Last Au­gust at the 2,200-worker Durham transmission fac­tory, the com-

● puter virus coursed through the plant’s net­work, flood­ing ma­chines with data and stop­ping pro­duc­tion for about four hours, Peter­son said.

Data on some lap­tops was lost, but the mal­ware was blocked by a fire­wall when it tried to exit the plant’s net­work and put the hack­ers’ lock on the plant’s com­puter net­work.

The plant was hit again in April, this time by dif­fer­ent crooks us­ing new mal­ware de­signed to hold data or de­vices hostage to force a ran­som pay­ment, Peter­son said. The virus was con­tained be­fore af­fect­ing pro­duc­tion, and no ran­som was paid to either group, he said.

Man­u­fac­tur­ers, gov­ern­ment and fi­nan­cial firms are now the top tar­gets glob­ally for il­licit in­tru­sions by crim­i­nals, for­eign es­pi­onage agen­cies and oth­ers up to no good, ac­cord­ing to a re­port this spring by NTT Se­cu­rity.

A sur­vey of nearly 3,000

cor­po­rate cy­ber­se­cu­rity ex­ec­u­tives in 13 coun­tries last year by Cisco Sys­tems Inc. found about one out of four man­u­fac­tur­ing or­ga­ni­za­tions re­ported cy­ber­at­tacks that cost them money in the pre­vi­ous 12 months.

Since 2015, U.S. man­u­fac­tur­ers con­sid­ered “crit­i­cal” to the econ­omy and to nor­mal mod­ern life, like mak­ers of au­tos and avi­a­tion parts, have been the main tar­gets of cy­ber­at­tacks — out­strip­ping en­ergy, com­mu­ni­ca­tions and other crit­i­cal in­fra­struc­ture, ac­cord­ing to Depart­ment of Home­land Se­cu­rity in­ci­dent re­sponse data. The num­bers may be im­pre­cise be­cause com­pa­nies in key in­dus­tries of­ten don’t re­port at­tacks for fear of poor pub­lic per­cep­tion.

But at­tacks de­mand­ing ran­som against all U.S. in­sti­tu­tions are spi­ral­ing higher. The FBI’s In­ter­net Crime Com­plaint Cen­ter re­ceived 2,673 ran­somware re­ports in the year end­ing last Septem­ber — nearly dou­ble from 2014.

While man­u­fac­tur­ers are in­creas­ingly prey to these cy­ber stick­ups, it may just be

be­cause crim­i­nals are play­ing the odds and strik­ing as many en­ter­prises of all types as they can across a tar­geted re­gion, said John Miller, who heads a team at cy­ber­se­cu­rity firm FireEye, which tracks mon­ey­driven on­line threats.

At­tack­ers “aren’t nec­es­sar­ily go­ing af­ter man­u­fac­tur­ing to the ex­clu­sion of other sec­tors or with a pref­er­ence above other sec­tors. It’s more that, ‘OK, we’re go­ing to try to in­fect ev­ery­body in this coun­try that we can,’” Miller said.

One high-pro­file ex­am­ple came in May and June, when auto man­u­fac­tur­ers in­clud­ing Re­nault shut down pro­duc­tion af­ter they were swept up in the world­wide on­slaught of the Wan­naCry ran­somware virus.

But at­tack­ers also are in­creas­ingly in­ject­ing ways to re­motely con­trol the ro­bots and other au­to­mated sys­tems that con­trol pro­duc­tion in­side tar­geted fac­to­ries.

The threat of com­puter code tai­lored to hit spe­cific tar­gets has been around since re­searchers in 2010 dis­cov­ered Stuxnet, mal­ware ap­par­ently

de­signed to sab­o­tage Iran’s nu­clear pro­gram by caus­ing cen­trifuge ma­chines to spin out of con­trol. Stuxnet is widely be­lieved to be a covert Amer­i­can and Is­raeli cre­ation, but nei­ther coun­try has of­fi­cially ac­knowl­edged a role in the at­tack.

Ma­li­cious soft­ware that at­tacked Ukraine’s elec­tric­ity grid last De­cem­ber was built to re­motely sab­o­tage cir­cuit break­ers, switches and pro­tec­tion re­lays, re­searchers said.

Cy­ber­at­tacks that reach into in­dus­trial con­trol sys­tems have dou­bled in the past two years in the U.S. to nearly four dozen so far in the fed­eral fis­cal year that ends in Septem­ber, out­strip­ping last year’s to­tal, ac­cord­ing to Home­land Se­cu­rity Depart­ment data.

“I think the emerg­ing threat you’re go­ing to see in the fu­ture now is re­ally cus­tom ran­somware that’s go­ing to be tar­geted more to­ward in­di­vid­ual com­pa­nies,” said Neil Her­sh­field, the act­ing di­rec­tor of the depart­ment team that han­dles emer­gency re­sponse to cy­ber­at­tacks on in­dus­trial con­trol sys­tems.

Newspapers in English

Newspapers from USA

© PressReader. All rights reserved.