The rising threat of ransomware in the operational technology world

22 February, 2021

Ransomware has now become a major threat to the manufacturing industry. Cyber thieves have started to target the operational technology (OT) that this sector relies on. 

The number of publicly recorded ransomware attacks against the manufacturing sector tripled in 2020.

With manufacturing giants like Westrock, Foxconn, Honda and Norsk Hydro among those reporting attacks, it is clear that those in the industry need to protect themselves.

The impact of ransomware attacks on technology systems can extend beyond financial loss. It can result in supply-chain issues and even physical danger. Adopting defense-in-depth security strategies and having effective preventative, detective, and corrective controls in place is critical for reducing risk.


The first point of entry

The most common initial access entry points for ransomware attacks are:  

  • Spear-phishing, which targets specific users

  • Remote workers

  • Exploiting vulnerabilities in software and enterprise network equipment

Devices exposed to the internet are high risk and can give an attacker initial access to a victim’s environment.

As companies move towards smart manufacturing processes, care needs to be taken when adopting Wi-Fi enabled industrial IoT devices and tools. If these devices are connected to corporate networks or IoT networks and are not protected properly, they can become network access points for a cyber attacker.

Attackers use these techniques to gain a foothold on the corporate IT system and attempt to disrupt the environment and manufacturing operations.

Why has OT become a prime target for cybercriminals?

Unsecured systems 

Operational Technology (OT) is critical for monitoring and managing industrial control processes and manufacturing equipment such as assembly and production lines. Operational Technology is at the heart of many Irish organisations such as pharma, medical devices, power supplies and airports. Unlike IT systems, which are regularly patched, OT systems are often updated slowly. Updating them takes a lot of time and resources, and is often seen as an inconvenience rather than a benefit. This leaves these systems vulnerable and makes them prime targets for cybercriminals to exploit.

Ease of access 

As more devices are introduced to the OT system, and more people are connected with these devices, cybercriminals have an increased level of access. There are more potential vulnerabilities that they can exploit using deceptive tactics such as silent infections from exploit kits and malicious emails.

Potential to inflict extensive damage

Because they impact critical products and services, attacks on OT systems have the potential to inflict far more damage than an attack on an IT system would. This acts as an incentive for cybercriminals, as companies may be forced to comply with hackers' ransom demands in an attempt to save their critical systems and resume operations.

Lack of a clear OT security strategy

While most organisations have a defined IT security strategy, it is essential to have a cross-functional OT security strategy that links in with IT to ensure OT systems are equally protected. 

Actions to reduce the risk of ransomware on OT

Vulnerability Management

Perform vulnerability assessments on key control systems to identify and remediate any software security issues.

Implement proper access control

To reduce the impact of ransomware attacks, it is critical to have proper segmentation between the IT and the OT network. Regularly conduct architecture reviews to identify all assets, connections, and communications between IT and OT networks.

Gain deeper visibility

As manufacturing operations become increasingly connected, gaining good visibility of assets, processes, and external connections is vital. Companies should monitor outbound network connections from OT networks to detect any malicious threat behaviours.
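An added example, not part of the original article: a small Python review of flow records that flags outbound connections from the OT network to external addresses and IT/OT crossings that are not approved conduits, as the two recommendations above describe. The address ranges, the conduit allowlist and the flow records are constructed assumptions.

```python
import ipaddress

# Assumed address plan (hypothetical); replace with your own site's ranges.
OT_NET = ipaddress.ip_network("10.20.0.0/16")
IT_NET = ipaddress.ip_network("10.10.0.0/16")

# Approved IT/OT conduits as (source, destination, destination port); constructed.
ALLOWED_CONDUITS = {
    ("10.20.1.5", "10.10.5.10", 443),   # OT historian -> IT replica
    ("10.10.5.20", "10.20.1.8", 3389),  # IT jump host -> OT engineering workstation
}

# Constructed sample flow records: (source IP, destination IP, destination port).
SAMPLE_FLOWS = [
    ("10.20.1.5", "10.10.5.10", 443),
    ("10.20.3.17", "203.0.113.50", 443),
    ("10.10.7.44", "10.20.3.17", 502),
    ("10.20.3.17", "10.20.3.18", 502),
    ("10.10.5.20", "10.20.1.8", 3389),
    ("10.20.1.8", "198.51.100.7", 53),
]

def zone(ip):
    """Map an address to OT, IT or EXTERNAL using the assumed address plan."""
    addr = ipaddress.ip_address(ip)
    if addr in OT_NET:
        return "OT"
    if addr in IT_NET:
        return "IT"
    return "EXTERNAL"

def classify(flow):
    """Return a finding label for a flow that crosses the OT boundary, else None."""
    src, dst, _port = flow
    src_zone, dst_zone = zone(src), zone(dst)
    if "OT" not in (src_zone, dst_zone) or src_zone == dst_zone:
        return None  # does not cross the OT boundary
    if flow in ALLOWED_CONDUITS:
        return None  # documented, approved conduit
    if src_zone == "OT" and dst_zone == "EXTERNAL":
        return "OT_OUTBOUND_EXTERNAL"
    if src_zone == "EXTERNAL":
        return "EXTERNAL_INBOUND_TO_OT"
    return "UNAPPROVED_IT_OT_CROSSING"

def review(flows):
    """List (finding, flow) pairs for every flow that needs investigation."""
    return [(classify(f), f) for f in flows if classify(f)]

if __name__ == "__main__":
    for finding, flow in review(SAMPLE_FLOWS):
        print(finding, flow)
```
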

Secure your remote connections

Due to the global pandemic, operators of industrial systems were forced to rely on remote access to manage critical infrastructure. Organisations need to secure any remote access to these systems to reduce the risk of cyber attack. One way to do this is to create barriers such as a VPN with two-factor authentication to gain access.

Backups and incident response

The best defence against ransomware is to have robust and well-tested backups. Organisations can recover quickly if they have good backup and restoration policies and procedures in place. They should maintain recent backups online (hot) and offline (cold) to ensure their system can be restored correctly.

It is also important for organisations to have a comprehensive and well-tested incident response plan for responding to cyber threats, and it must be designed with OT concerns in mind.

We are here to help you.

As cyber threats evolve, especially in the current pandemic, we know that the operational security challenges you face are mounting. The priority now is ensuring your business can adapt and has strong security controls in place to reduce ransomware risks in OT environments. We are ready to help you as you face the future. Contact us today.

Contact us

Pat Moran

Partner, PwC Ireland (Republic of)

Tel: +353 1 792 5308

Will O'Brien

Director, PwC Ireland (Republic of)

Tel: +353 1 792 8988

Leonard McAuliffe

Director, PwC Ireland (Republic of)

Tel: +353 1 792 8632

Neil Redmond

Director, PwC Ireland (Republic of)
