The Evolving Business of Malware and Manufacturing

When most people think of cyberattacks, they assume that the primary targets are large companies with servers full of valuable data — hospitals, tech companies, hotels, credit card companies, and the like.

While those companies are often the target of high-profile attacks, malware perpetrators have set their sights on a new industry: manufacturing. Due to significant revenues and often lax tech security practices, malicious hackers have targeted and successfully carried out attacks against oil refineries, factories, manufacturing plants, and even public utilities like power grids. With the potentially catastrophic impacts of a successful cyberattack, it’s become increasingly important for companies in this sector to protect themselves from the growing volume of attacks. Here’s a look at the threats facing the manufacturing industry.

Ransomware Attacks

Ransomware is a form of malware that either steals or encrypts a company’s data. After the target company is paralyzed by the attack, the attackers demand a monetary payment (often in the form of untraceable cryptocurrency) to release the data or computer systems.

Given the massive cost of shutting down a factory or public utility, companies often pay the ransom. Ransom demands range between tens and hundreds of thousands of dollars to unlock the data — an amount a large industrial company is likely to pay to regain network access.

But paying the ransom is often not the end of these attacks. Many attackers install backdoor access when they initially plant the ransomware, allowing them to return and repeatedly hold the same data for ransom. Some companies may pay a ransom several times to regain access before seeking help from IT consultants, wasting time and money.

Crypto Mining

The popularity (and profitability) of cryptocurrency mining has skyrocketed in the last five years, but the computer equipment required to conduct large-scale mining is expensive to purchase and maintain.

Instead of setting up their own mining operations, some hackers have devised a way to install crypto mining software on their target computers, taking advantage of the massive computing power of a large network or tech company. These attacks are extremely difficult to detect, generating a steady stream of revenue for attackers while hiding under the radar of your anti-malware detection systems.

While such an attack doesn’t technically harm your system, it can seriously hamper your company’s technology and slow down the operations for which your computer network is intended, in addition to generating significant power bills.

Attackers Are Paying Attention

For a long time, hackers tended to take a smash-and-grab approach to breaching company networks, stealing what they wanted, and abandoning the target to move on to the next. That’s no longer the case.

Modern hackers are much more likely to linger on a company’s computer systems, learning your habits and exploring the protections you have in place so that they can better work around them and remain undetected. Once they execute an attack, they’ll monitor your internal communications to see if their attacks have been noticed, then change their behavior accordingly.

In one case, a hacker executed their initial attack but continued to monitor the computer systems. When the IT team sent around an email announcing the new security precautions they’d be implementing, the hacker preemptively installed workarounds to keep the door open for future attacks.

Preventing Malware Attacks

The best way to prevent most malware attacks, other than antivirus and antimalware software, is to keep regular, complete backups of every byte of data in your company. Many companies will back up their computers every hour to a local server, then once a day to an offsite server. Ideally, the connection to the offsite server will be open only for the amount of time it takes to run the backup, so that hackers can’t gain access to the backup as well. Some companies go a step further, manually unplugging the backup servers to ensure that they can’t be targeted.
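
One way to enforce the "offsite connection open only while the backup runs" rule described above, as an added example that is not part of the original article: a shell wrapper that always closes the offsite link, even when the copy fails or the job is interrupted. The tunnel name `offsite`, the host `offsite.example` and the paths are placeholders, not values from the article.

```shell
#!/bin/sh
# Offsite backup wrapper: the link to the offsite server is up only while the
# copy runs. Tunnel name, host and paths are placeholders (assumptions).
LINK_UP=${LINK_UP:-"wg-quick up offsite"}
LINK_DOWN=${LINK_DOWN:-"wg-quick down offsite"}
COPY_CMD=${COPY_CMD:-"rsync -a /srv/backup/daily/ backup@offsite.example:/vault/"}

# Return codes: 0 ok, 1 copy failed, 2 link never came up, 3 link left open.
offsite_backup() {
    status=0
    if ! sh -c "$LINK_UP"; then
        echo "offsite link did not come up; nothing copied" >&2
        return 2
    fi
    # If the job is interrupted mid-copy, still close the link before exiting.
    trap 'sh -c "$LINK_DOWN"; exit 130' INT TERM
    # Record a failed copy but fall through to the teardown.
    sh -c "$COPY_CMD" || status=1
    trap - INT TERM
    if ! sh -c "$LINK_DOWN"; then
        echo "WARNING: offsite link is still open" >&2
        return 3
    fi
    return "$status"
}

# Run from cron as: offsite-backup.sh --run
if [ "${1:-}" = "--run" ]; then
    offsite_backup
    exit $?
fi
```

Any non-zero exit is worth alerting on, and code 3 in particular means the backup server stayed reachable after the job ended.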

If your data is backed up and your company is attacked, the worst-case scenario is that you’ll have to wipe the whole system and restore it from a backup. This scorched-earth approach isn’t ideal, as deletion and restoration are expensive and time-consuming, but it’s better than being held hostage by malicious code.

Recovery Planning

Finally, you’ll need a recovery plan to weather the attack and get back to full strength as quickly as possible. Think about workarounds for important systems like credit card processing or inventory management, and spell out a list of which systems will need to be restored first in the event of a shutdown.

Malware and anti-malware tools are locked in an ever-escalating arms race, so total protection can’t be guaranteed. But with the right preventative measures, thorough education of your staff on how to avoid compromising the system, and a plan in place to recover in the event of an attack, you can keep your company, your customers, and your data safe.
