Manufacturers and DDoS attack. Why would cyber criminals be interested in my business?

Believe it or not, manufacturing took over from finance as the most cyber attacked sector in 2021 – almost a quarter of attacks were aimed against them, up from 18% in 2020.

Photo of 3D printer

Many attacks are carried out by large and well-funded Organised crime groups supported by state actors. And the West’s overt support for Ukraine in the ongoing war in Europe is only likely to lead to further more aggressive attacks as Russia seeks to punish those nations and organisations it believes are frustrating its geo-political ambitions.


The growth in manufacturing’s reliance on Industrial Control Systems (ICS) adds another layer to the problem. ICSs are an integral part of our lives today. They allow for easier management of our most critical infrastructures and processes. Manufacturing, gas, water, power distribution and transportation all depend on ICSs to keep their processes running on a daily basis.


What’s more, the emergence of the Industrial Internet of Things (IIoT) has allowed users to automate some tasks in the process. We can now control everything simultaneously from a remote location, leading to improved workflow efficiency and helping us reach never-before-seen speed and accuracy.

Two workers on factory site talking

However, ICSs also have many cybersecurity issues. From weak passwords in internet of things (IoT) devices and open-source software, to using commercial communication protocols — ICSs have more than a few DDoS vulnerabilities. There is even evidence that IoT devices are being used to amplify the DDoS attack itself. With so much operational equipment and so many ICS layers to audit, malware can easily sneak by manufacturers without getting noticed.


That’s frightening, considering how much we depend on these systems and what’s at stake.


While no one is completely safe from DDoS attacks, critical infrastructures and centralized control systems are the most vulnerable. These industries should be the ones paying the most attention to DDoS attacks and investing the most in their cyber protection.

Graph showing year on year rises for DDoS attacks with predicted figures for the future. Starts at 7.9m in 2018 with predicted rise to 15.4m in 2023
Figure 1. Cisco’s analysis of DDoS total attack history and predictions.

So, what is a DDoS attack?

A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt the normal traffic of a targeted server, website, or network by overwhelming it with a flood of Internet traffic.


DDoS attacks frequently come from multiple sources to make their identification more difficult. It can also hinder the victim organization’s attempts to stop the DDoS.


In lay terms it’s like an unexpected traffic jam clogging up the highway, preventing regular traffic from arriving at its destination.


DDoS normally present themselves, as you would expect, by a slowing or crashing of a company’s network or website. Which costs you time, reputation and money and potentially drives your customers to competitors websites


Can you protect yourself from these attacks?

Raindrops

DDoS attacks are notoriously difficult to prevent.

The attackers don’t necessarily need internal access to the network as the attack is from the outside. They are increasing in complexity and sophistication meaning that defence against these dark arts needs continual review.


But the key points for protection to remember are:

  1. Know your network's traffic. A free tool that we can recommend here is Police CyberAlarm | The Eastern Cyber Resilience Centre (ecrcentre.co.uk)

  2. Create a Denial-of-Service Response Plan within your incident response plan Tools | Eastern CRC (ecrcentre.co.uk) – one of the areas covered within the Cyber Essential (CE) Program

  3. Make your network resilient and practice good cyber hygiene – using CE principles

  4. Scale up your bandwidth. The greater the bandwidth the more effort a DDoS attacker will have to make to crash your site. Moving your operation to the cloud may help.

  5. Take advantage of anti-DDoS hardware and software. Speak to your Managed Service Provider (MSP) if you have one.

  6. Make sure all staff know the symptoms of an attack and respond quickly to it using your plan.

What next?

The impact of a successful attack against your website or network can be catastrophic and lead to website downtime, loss of business and loss of reputation. In the worst cases it can lead to the closure of the business altogether. But all is not lost.


So, what can I do?

Here at the centre, we would advise you to do three things now

1 - Join our free core membership by clicking through to https://www.ecrcentre.co.uk/core-membership-sign-up. You will be supported through implementing the changes you need to make to protect your business and your customers.

2 - For small and medium sized businesses in the Eastern region we would recommend that you look at improving you overall cyber resilience through the free Little Steps pathway we provide to Cyber Essentials – the basic government backed kite mark standard for cyber security. https://www.ecrcentre.co.uk/what-is-cyber-essentials. Join the centre as a free member and we will take you as far as the CE accreditation process. And if you want to pay for the assessment, we can refer you one of our Trusted Partners – all regionally based cyber security companies that can help you become accredited.


3 - We would also recommend that you speak to your Managed Service Provider and / or website company to discuss how they can implement cyber resilience measures on your behalf.

And remember that a company operating under Cyber Essentials processes is 99% protected either fully or partially from today’s common cyber-attacks.



Reporting Cyber Crime

Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to report@phishing.gov.uk. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad). s common cyber-attacks.

The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the East is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the East provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

The Cyber Resilience Centre for the East does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the East is not responsible for the content of external internet sites that link to this site or which are linked from it.