On June 7, the Belgian plant of ASCO Industries, which manufactures plane parts for companies such as Airbus, Boeing, Bombardier Aerospace and Lockheed Martin, was hit by one of the biggest crises in its history. Its heads of cybersecurity discovered that they had been infected with ransomware.
This was when the company discovered that the cyberattack had made its way onto all of its systems, immediately paralyzing all its operational activities. What’s more, as an extra precaution, the company decided to close its offices in Germany, Canada and the USA. In total, over 1,000 employees were unable to work due to the industrial processes being shut down.
This case is just further proof of a situation that is becoming clearer every day: the increase in infractions on industrial property all over the world. And the trend seems set to escalate; the controversies between China and the US, tech giants or large companies competing for multi-million dollar international projects tend to unfold in offline environments. Despite this, the use of cybercrime to attack intellectual and industrial property is a possibility that needs to be considered by every company.
A growing cyberattack_
Proof of this trend can be found in the 2018 Cybercriminality Study, carried out by the Spanish Ministry of the Interior. As well as discussing the government organization and main Spanish legislation related to cybersecurity, it offers statistics on the cyberattacks registered last year.
Threats to industrial and intellectual property represent a bigger danger insofar as they are not massive cyberattacks on a large number of companies, but rather strategies that target specific organizations with the aim of paralyzing their activity or even indefinitely bringing down their devices.
This a trend that causes concern all around the world. Similarly, the Europol report, Internet Organised Crime Threat Assessment reveals that, while ransomware is still the leading cybersecurity threat for many companies, there has recently been a trend for “attackers [to] focus on fewer but more profitable targets and greater economic damage”, as is the case for industrial cyberattacks.
A clear example of this kind of operation is GermanWiper, a piece of malware that, over the last few months, has been spreading to organizations worldwide, but with German organizations being the main victims. One of its most illustrative characteristics is the fact that, while other pieces of malware encrypt files and demand a ransom to return the files, GermanWiper doesn’t encrypt the victim’s files—it simply overwrites them, making them completely useless. This is indicative of how, in these cases, the cyberattack isn’t necessarily seeking economic gain, but rather aims to inflict the greatest industrial and financial harm possible on its victims.
Other ways of attacking property_
Apart from the spread of GermanWiper, cyberattacks on companies’ industrial and intellectual property can take several forms.
1.- Phishing. Credential theft is one of the most effective ways of gaining access to a company’s sensitive data. It also exposes the fact that there is often a clear weakest link in the corporate cybersecurity chain: the employees.
2.- CEO fraud. This common variant of phishing involves imitating the CEO or some other company high-up. Cybercriminals take advantage of the immediacy of the situation to create confusion, which they then use to attack the company.
3.- Attacks on IoT. An increasing number of companies work with connected devices that can be exposed to cyberattacks. This threat can take several forms, from intrusions on an organization’s IT system to the cybercriminal getting onto the systems that the organization has on the cloud to support its own devices.
4.- LotL attacks. In Living-off-the-Land (LotL) attacks, cybercriminals make use of operating system tools and trusted applications to carry out cyberattacks without being discovered. This is possible because of the fact that many cybersecurity solutions are incapable of discovering this anomalous activity on systems.
How to protect industrial and intellectual property_
To stop industrial or intellectual property from ending up in the hands of cybercriminals, organizations must make all solutions available for protecting their IT systems and for stopping unauthorized access. They must also be able to control what processes are run at all times in order to stop any kind of future problem.
This is how we do things at Cytomic, using AI and Deep Learning algorithms to continuously classify applications based on their behavior, while also searching for any kind of suspicious activity by applying scaled data analysis on the cloud. Along with this automation, there is also the Threat Hunting service to provide an additional layer of monitoring and analysis to strengthen security.
It is vital to remember that a cyberattack on industrial or intellectual property will not only weaken any organization’s cybersecurity; it will cause the loss of assets that could cause million-dollar losses.