Why Manufacturing IP is So Susceptible to Cyber Theft

While electronic theft of intellectual property (IP) has been happening for a long time, it got people’s attention when it was discovered that hackers were going after the formulas for the COVID-19 vaccines.  After all, why spend billions of dollars developing a vaccine, especially if you don’t have the experience or facilities, when you can just steal it?

Many of these attacks are initiated by foreign powers or their proxies in the hacker community.  The biggest state sponsors of IP theft include China, Russia, Iran, and North Korea.  These countries are known to be targeting the COVID-19 vaccines so they can quickly provide them to their citizens and allies.

However, there is also industrial espionage going on between companies.  Companies may hire hackers, or use their own employees, to break into a competitor’s systems to obtain IP or trade secrets.  The level of success they have is questionable, because neither the attacker nor the victim wants to draw attention to it.  It simply provides negative publicity for both.

IP cyber theft goes well beyond stealing vaccine formulas, though.  Commonly stolen items include software/source code, music, games, and engineering plans.  In addition, trade secrets, such as manufacturing methods and ideas, can also be stolen.  Overall, it can be a profitable endeavor for attackers.

What Makes Manufacturing IP Susceptible to Theft?

Theft of manufacturing IP, such as designs, manufacturing processes, trade secrets, or other types of IP, may not be discovered until it is on the open market, or even worse, being used by a competitor.  It can easily be slipped out of a target network without the manufacturer having a clue.  What makes IP so easy to capture, reuse, or sell?

First, IP can be hacked and copied by attackers without the owner knowing about it.  After all, if proprietary information is copied, and the attacker leaves the network entirely after the theft, then likely no trace will be found until the attacker starts using the information in some way.  Whether it is a foreign power or a competitor, they are likely to leave once they have what they want.

The right IP from the right company can be worth billions of dollars.  Breakthrough technologies can be sold to a competitor for a great deal of money.  An attacker generally has a willing buyer lined up, and is doing the job under contract.  Even if they don’t, a valuable piece of IP can often be sold within hours.

Second, IP is not likely to be found for sale on the dark web, or held for ransom.  In the vast majority of cases, the attack has been conducted at the instigation of a foreign power seeking technology, or a competitor seeking new product information, perhaps to copy.  The point is that there is usually already a ready customer, so the victim may never find out about the theft at all.

Third is the dreaded insider threat, where an attacker may pay (or blackmail) an employee for access to a privileged username and password.  Insider threats are particularly difficult to identify and track down.  Often only the use of behavior analytics can identify an insider threat determined not to get caught.

Last, many companies that combine administrative systems with manufacturing systems end up with highly complex networks consisting of many different systems and devices.  That tends to increase the attack vectors.  Endpoint analysis can be important here, as many attacks are able to come in through devices collecting data or monitoring industrial processes.
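The behavior-analytics idea above, as an added example that is not code from the original post or from any vendor product: each user's daily reads of engineering files are compared against that user's own history, so a privileged account that suddenly pulls dozens of design files stands out even though every individual access was authorized. The log format and the `/cad/` path prefix are constructed assumptions.

```python
import re
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample log lines (not from the original post): "<ISO timestamp> <user> <action> <path>".
# alice reads three design files a day for five days, then pulls forty at 02:15 on day six;
# bob reads one file a day throughout and should not be flagged.
SAMPLE_LOG = "\n".join(
    [f"2021-03-0{d}T10:00:00 alice READ /cad/part_{d}_{i}.dwg" for d in range(1, 6) for i in range(3)]
    + [f"2021-03-06T02:15:00 alice READ /cad/part_6_{i}.dwg" for i in range(40)]
    + [f"2021-03-0{d}T11:00:00 bob READ /cad/part_b{d}.dwg" for d in range(1, 7)]
)

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<user>\S+) (?P<action>\S+) (?P<path>\S+)$")


def daily_ip_reads(log_text, ip_prefix="/cad/"):
    """Return {user: {day: count}} of READ actions on paths under ip_prefix (assumed IP location)."""
    counts = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["action"] != "READ" or not m["path"].startswith(ip_prefix):
            continue  # malformed line, non-read action, or file outside the protected tree
        counts[m["user"]][m["ts"][:10]] += 1  # bucket by calendar day
    return counts


def find_anomalies(counts, sigma=3.0, min_abs=10):
    """Flag (user, day, count) where a day's reads exceed the user's own baseline.

    The baseline is mean + sigma * stdev over that user's prior days; min_abs keeps a
    user whose history is flat (stdev 0) from being flagged for trivially small changes.
    """
    alerts = []
    for user, per_day in counts.items():
        days = sorted(per_day)
        for i, day in enumerate(days):
            history = [per_day[d] for d in days[:i]]
            if len(history) < 3:
                continue  # not enough history to form a baseline yet
            threshold = max(mean(history) + sigma * pstdev(history), min_abs)
            if per_day[day] > threshold:
                alerts.append((user, day, per_day[day]))
    return alerts


if __name__ == "__main__":
    for user, day, n in find_anomalies(daily_ip_reads(SAMPLE_LOG)):
        print(f"ALERT {user} read {n} design files on {day}, far above their baseline")
```

Per-user baselines are the point: a fixed site-wide threshold would either miss a quiet account's spike or drown in alerts from users whose job is to read these files all day.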

Attack Vectors Are Many

Attackers can get in through a wide variety of ways.  A common one is social engineering.  For example, the earlier Robinhood breach was the result of a phone call to an inexperienced customer support representative.  Getting someone’s username and password in this manner is probably one of the easier ways of accessing valuable IP.

Attackers may try to guess passwords, or use brute force to attempt to unlock a legitimate user account.  But social engineering remains the easiest way to break into a system.

Protecting Your IP

Some enterprises simply don’t have IP enticing enough or useful enough to sell to specific governments or competitors, in which case attackers may fall back on ransomware.  But paying a ransom can be tricky, in that the enterprise can never be sure it has recovered every last copy of its data.  Attackers can take the ransom, return the IP data, and still put it on the open market to see what price it fetches.

IP is the lifeblood of many manufacturing organizations, and protecting it from theft should be a significant priority.  Edge protection is a necessity, as are both SIEM and User & Entity Behavior Analytics (UEBA) to detect insider threats.  All parts of the network should be covered in order to protect your IP.

Gurucul XDR combined with Analytics-Driven SIEM and UEBA provides complete coverage of both insider threats and external attacks.  Only by actively searching internally for threats, coupled with a comprehensive view of the network, can manufacturing enterprises protect their IP.