enterprisesecuritymag

TXOne Networks Prediction for 2021 in ICS Cybersecurity.

Terence Liu, CEO, TXOne Networks

Throughout 2020, while government organizations and healthcare centers were heavily targeted for attacks, nobody received more interest from threat actors than the manufacturing industry. In this coming year, we’re expecting four particular developments in the methodology of ransomware attacks, mostly centered around threat actors’ ability to find weaknesses in the cyber security awareness and defenses of specific industries.

The first upcoming development will be a significant increase in the frequency of ransomware attacks targeted by industry. One example of this was the malware Ryuk’s targeted attacks on American healthcare centers. We believe that the pressure on medical centers will continue to rise, and that pharmaceutical facilities will experience increased attention from hackers as well, likely becoming a primary focus for cyber attack in 2021. Furthermore, we’re expecting to see adversaries take the additional step of including features within the malware to help make sure the attack is hitting the desired kind of target. 

The second expected development is that it will become extremely common for threat actors to take advantage of legitimate channels of file distribution and management in their attacks. Throughout 2020, manipulating the AD (Active Directory) server to deliver ransomware via GPOs (Group Policy Objects) was a popular and effective strategy. This allowed malware to evade detection and spread very conveniently by taking advantage of the network’s file distribution systems.

The third development will be that extortionware-style tactics, designed to turn up the heat on stakeholders, will become more advanced as well as more common. Unlike typical ransomware, extortionware exfiltrates data, then uses that data as leverage to intimidate victims into paying quickly. Bad actors would like stakeholders to believe that if they pay up fast, the stolen information will be wiped from the hackers’ computers and not be published on the internet. It’s important to note that we do not advise paying such ransoms, both for legal reasons and because there is no reason to believe that cybercriminals will keep their side of the bargain.

Our fourth and final expectation is that bad actors will focus on the new and rapidly expanding attack surfaces that have come about as a result of the COVID-19 pandemic. Throughout the epidemic, the manufacturing industry has continued to operate at the highest possible output, creating multiple attack surfaces in the process as working and meeting remotely become a routine part of daily life. One example of such remote work with high potential for exploitation is maintenance personnel needing to maintain equipment from a distance instead of coming in to do it by hand.

Traditional cyber defense methods such as perimeter firewalls and air gaps are already unable to stop attacks from affecting production. Work sites should be adopting network segmentation and trust listing based on a zero trust framework to minimize cyber risk. Additionally, legacy systems or other devices that can’t be updated can be protected by a network-based defensive technology called ‘virtual patching’, which creates a sort of protective shield around such assets. That ‘shield’ is then regularly updated and maintained by teams of threat researchers, who are able to patch vulnerabilities in a matter of days.

In 2021, TXOne Networks will increase its outreach, promoting OT security awareness with a focus on helping organizations ensure continuous and safe operation for their work sites. During the last year and a half of hard work, TXOne Networks has developed a synergistic suite of products for network security, endpoint security, and auditing. Areas of manufacturing including automobiles, semiconductors, and pharmaceuticals have put these products into use with good results. We’re looking forward to continued work in the development of OT-specialized security solutions to stem the rising tide of cyber risk rolling in with 2021.