Hackers are Calling Their Shots and Industry Remains Vulnerable
Cyberattacks can seem to come out of nowhere, and they cause innumerable headaches when they do. It’s reached the point where many companies simply pay the ransom so they can move beyond the incident. But what if you knew a cyberattack was coming? Would you be able to prepare for it? Or even avoid it?
Even with advance warning, manufacturers may still find themselves at the mercy of hackers. Today’s cybercriminals are so confident of success, they’ve started calling their shots. The manufacturing industry is on notice.
A spike in cybercrime
Last year was monumental for cybercrime. The shift to remote work and cloud migration created a smorgasbord of opportunities for malicious actors seeking to ransom and extort companies. In 2020, ransomware attacks rose 62% worldwide — and a staggering 158% in North America. Successful attacks netted losses of over $29.1 million.
Emboldened by these figures, cybercriminals persist with their aggressive tactics in 2021 — especially against industrial targets. The Colonial Pipeline ransomware attack, which drew a $4.4 million ransom, demonstrated the fearlessness and capability of cybercriminals. Hackers continue to breach well-protected systems, and they’re demanding greater and greater sums.
Calling their shots
In the last 18 months, cybercrime has grown into its own industry. Hacker collectives are forming with specific intent to attack predetermined targets — usually companies with lax cybersecurity or exploitable vulnerabilities. Groups like REvil, DarkSide, and BlackMatter are even leaving calling cards to claim responsibility for data breaches and ransomware hits.
Some groups have gone a step further: They’re calling their shots before the attack. It’s not a ruse. Several recent successful ransomware attacks came complete with advanced notice. On July 22, Saudi Aramco ransomed 1TB of sensitive stolen data for $50 million. They received a warning from the hacker on June 23.
Hackers calling their shots isn’t new, but it is unprecedented at recent levels in the industrial sector. It’s a clear sign of the gap between cybercriminal capabilities and industrial cybersecurity defenses.
Upping the ante
Every successful industrial cyberattack sets yet another precedent for perpetuating the problem. Before 2020, ransoms paid out in the range of tens of thousands of dollars — occasionally hundreds of thousands. Today, hackers are extorting millions from companies — even with advance notice. The call to action couldn’t be clearer for manufacturers: It’s time to protect your digital infrastructure.
While shoring up internal cybersecurity practices is a great place to start, manufacturers need to do more — especially those in high-profile sectors, such as public utilities and agriculture. Be proactive. Hire an expert third-party consultant. Submit to a cybersecurity stress test. And heed all warnings — whether they come from cybersecurity professionals, the media, or the hackers themselves. The cost of being prepared is nominal compared to the rising costs of a cybersecurity breach.