Manufacturing Organizations Like Bluescope are the Next Targets for Cybercriminals

The frequency and sophistication of cyberattacks against the manufacturing industry have been rising. Recently, some notorious threat actors were found targeting manufacturing firms in Australia.

Recent incidents in Australia

  • In May 2020, a cyber attack on Bluescope's Australian unit forced production systems to be halted company-wide. The attack on its information technology systems mainly disrupted its manufacturing and sales operations.
  • In April 2020, Australian kids' smartwatch maker iStaySafe Pty. Ltd. accidentally introduced a security flaw in the software of its ‘TicTocTrack’ watch, which could have allowed hackers to spoof the location of a child as well as download the personal information of its customers.
  • In March 2020, the state-sponsored APT41 group targeted 75 customers with attacks on Citrix NetScaler/ADC, Cisco routers, and Zoho ManageEngine Desktop Central products. They exploited Citrix and Zoho endpoints at scores of customer organizations located in Australia and several other countries.
  • In February 2020, Australia’s longest-running ice rink, Canterbury Olympic Ice Rink (COIR), fell victim to a Business Email Compromise (BEC) attack and lost $77,000 after the hackers sent a fake invoice, posing as the UK-based company Marshall’s International.

Manufacturers across the world at risk

Cyber attacks have been targeting manufacturing companies and industrial firms not just in Australia, but all across the world. The primary contributors to malware attacks on manufacturing and industrial firms include the ServLoader and NetSupport remote access Trojans, followed by Emotet, Hoaxcalls, and Stuxnet.
  • In April 2020, a hacker group, TA4562, launched video conferencing-themed attacks to target manufacturing organizations (as well as other sectors) in the US, distributing the ServLoader/NetSupport remote access trojans.
  • In the same month, a new DDoS botnet, Hoaxcalls, infected many Grandstream UCM6200 and DrayTek Vigor devices, exploiting existing vulnerabilities to propagate.
  • In March 2020, Schneider Electric’s Modicon Programmable Logic Controllers (PLCs) and those of other manufacturers were found vulnerable to Stuxnet-style malware.

How to stay safe

Use updated threat detection and monitoring solutions to protect the network and the computer systems from potential threats and malicious actions. Use strong passwords and 2FA to ensure that malicious users don't gain access to the system. Use data encryption software to ensure that data cannot be misused even after it gets stolen.