Manufacturing sector is increasingly a target for adversaries. [Research Saturday]

Cyber threats to the manufacturing sector are increasing, with disruptive cyberattacks impacting industrial processes and information theft becoming more prevalent. Five ICS-focused activity groups targeting manufacturing have been identified by Dragos, including CHRYSENE, PARISITE, MAGNALLIUM, WASSONITE, and XENOTIME, along with ransomware activities capable of disrupting operations. Manufacturing relies heavily on ICS for quality control, product safety, and supply chain operations, making it critical infrastructure. An attack on a manufacturing entity can have significant ripple effects across the supply chain, impacting product fulfillment, health and safety, and national security objectives. Ransomware adversaries are adopting ICS-aware functionality, which can stop industrial processes and cause destructive impacts. While no ICS-specific malware targeting manufacturing has been observed on the same scale as TRISIS and CRASHOVERRIDE, ongoing threats can still have direct and indirect impacts on operations. The threat landscape is expected to evolve as adversaries and their behaviors change. The research provides a snapshot of the threat landscape as of October 2020.