Manufacturers are integral to supporting modern life, from the products we consume to the essential services and infrastructure on which we rely. For this reason, the manufacturing sector is also an appealing target for a wide range of adversaries. However, since many of the cyber and physical threats that persist across the industry originate within online illicit communities and chat services, companies that lack visibility into these regions of the Internet can be left with an incomplete picture of the broad spectrum of threats they face.
Below are examples of the types of challenges Flashpoint helps manufacturers address:
OPERATIONAL TECHNOLOGY (OT) SECURITY
Comprising the machinery and networks needed to support physical production processes, a manufacturer’s operational technology (OT) environment is the crux of the manufacturing business model. Since many manufacturers operate 24 hours per day, 365 days per year, the downtime required to perform routine security maintenance such as patching and vulnerability management can disrupt production schedules, impede service delivery, and reduce revenue. Given the perceived opportunity cost of these routine procedures, some manufacturers operate their OT environment for years without upgrading, or even assessing, its security posture. And as many manufacturers continue to integrate Internet-connected technologies into their oft-outdated OT environments, they are inadvertently expanding an exploitable attack surface.
Flashpoint’s ongoing monitoring of illicit community activity provides manufacturers with the insight needed to take proactive measures to safeguard their OT environments. In one instance, analysts observed a highly sophisticated Chinese threat actor soliciting guidance on customizing a remote access Trojan (RAT) before it was to be deployed via spear phishing. Through source reporting, Flashpoint learned that the actor was looking to integrate new keylogging functionality into the tool and also wanted to improve its ability to bypass antivirus protections. This intelligence enabled customers to proactively defend against the RAT and ensure employees were aware of the proper protocol for identifying and reporting attempted phishing.
THIRD-PARTY AND SUPPLY CHAIN RISK
From suppliers to contractors to distributors, many manufacturers rely heavily on third parties. While third-party arrangements can boost productivity and lower costs, the resulting intricate flow of materials, people, and data can cause manufacturers to lose visibility and control over certain processes. Without effective quality assurance procedures and security controls in place, this lack of visibility can threaten the integrity of a manufacturer’s products or introduce unintended security risks.
In one instance, Flashpoint identified a serious vulnerability present in millions of Internet of Things (IoT) devices that rendered them susceptible to exploitation by the Mirai malware, which led to subsequent DDoS attacks carried out by botnets composed of connected devices such as DVRs and surveillance cameras. Analysts traced the vulnerability to an upstream component supplier contracted by many technology manufacturers. Flashpoint immediately alerted the companies affected by the vulnerability so they could apply patches, issue recalls, and enforce stricter quality controls and security standards on supply chain partners.
INTELLECTUAL PROPERTY (IP) THEFT
Trade secrets and product formulas are essential to maintaining a competitive advantage, which is why manufacturers often take considerable measures to safeguard their intellectual property (IP). Recognizing that circumventing existing defenses as an outsider can be an arduous task, some adversaries instead solicit the assistance of malicious insiders to obtain IP directly from those who have been entrusted with it. In many cases, these arrangements with malicious insiders are made on encrypted illicit forums. Flashpoint’s knowledge of malicious insiders’ tactics, techniques, and procedures (TTPs), combined with its extensive visibility into illicit communities, helps organizations proactively detect and mitigate a broad spectrum of insider threats, including intellectual property theft, insider recruitment, and insider trading.
In one situation, Flashpoint analysts discovered an actor advertising the source code of an unreleased software program owned by a multinational corporation for sale on an elite cybercrime forum. Upon further investigation, analysts determined that the actor was employed by the company that owned the software. Flashpoint shared this information with the company, enabling it to safeguard the IP and terminate the rogue employee.
PHYSICAL SECURITY
Given the manufacturing sector’s distinctive reliance on equipment and facilities, manufacturers must also monitor for physical security threats posed by trespassers who intend to steal inventory, obtain intellectual property, or disrupt operations. In many cases, theft, vandalism, or hardware alteration can be just as destructive and costly as a malware attack. Illicit communities are often associated exclusively with cyber threats, but they are also used by physical threat actors to plan illicit schemes while avoiding law enforcement intervention.
Flashpoint’s extensive visibility into these communities can help manufacturers uncover such plans and understand the targeting methods and TTPs of physical threat actors. When Flashpoint’s analyst team finds information within illicit communities or chat services pertaining to a customer, that customer is immediately alerted and linked to the relevant threat actor conversation. Further, Flashpoint customers have full access to our library of finished intelligence reports to inform their risk management strategy at both the tactical and strategic levels.