
What Do Hackers Do With Your Stolen Data?

Motives and intentions vary, but no manufacturing enterprise is beyond the reach of cybercriminals.

Businesses, like consumers, by now are tired of hearing about data breaches and cybersecurity worries. Unfortunately, these problems are not going away: Big Data is a critical element of the manufacturing process now, allowing manufacturers to track down wasteful spending, identify operational bottlenecks, and achieve greater oversight and transparency during the manufacturing process.

Those are all positive features of Big Data, but all of that potential comes with an ever-larger threat surface, too. Hackers regularly find novel ways to subvert security measures or take advantage of users’ carelessness. But what do they do with the information they manage to steal? Here's a look at some of the things that motivate cybercriminals to target manufacturers.

Sort by usefulness — Once they have a repository of data to comb through, hackers — like any other savvy businessperson — get to work identifying and sorting what they have. Not all data is useful, but items like passwords and authentication details, plus phone numbers, email and physical addresses, credit card numbers, and names all are highly valuable.

Sometimes hackers will sell this information outright. Other times, they will use it to commit future breaches — including to steal more valuable information than what they have gathered already.

Sell or reverse-engineer IP — The industrialized world runs on competition, trade secrets, and intellectual property (IP). Not surprisingly, IP is a prime target of lone actors and even state-sponsored hackers. For example, according to trade representatives in the current U.S. administration, IP theft committed by China through clandestine means costs $50 billion or more each year.

When it comes to hacking into a company's infrastructure to make off with trade secrets, hackers' motivations run the gamut from simply hoping to sell it for a profit to helping the country or company they represent achieve a competitive advantage. In 2016, ThyssenKrupp indicated hackers had initiated a data breach of the company's digital infrastructure with industrial espionage as the apparent motivation.

In a statement, a company representative said: "According to our analyses, the aim was essentially to steal technological know-how and research ... there have been no signs of sabotage and no signs of manipulation of data and applications or other sabotage."

Hold it for ransom — The frequency of ransomware attacks rose by 250% in 2017 and cost stakeholders an estimated $5 billion. It's simple enough in concept: after achieving access to critical personal or operational data, hackers either move the data offsite or encrypt it and then attempt to extort a monetary or material ransom. It's something individual internet users are regularly warned about — but what about major manufacturers?

Norsk Hydro is one of the world's largest aluminum producers as well as a hydroelectric power supplier. In 2019, hackers brought the company's Oslo operations to a halt using a type of ransomware attack known as "LockerGoga." A similar attack hit a consulting firm in Paris around the same time.

A Norsk Hydro representative said in a statement that the attack seems to have originated in the U.S., but would not detail whether the attack was limited to company computers or if it had infiltrated industrial control systems too. The motive, as with most malware-based attacks, was to extract a monetary ransom.

What makes LockerGoga particularly dangerous and effective is that, according to security analysts, very few of the anti-malware products now available are equipped to neutralize or detect it.

Place fraudulent orders, perform cyber activism — Chinese manufacturer Foxconn has made news for several unfortunate reasons in recent years. It’s a major supplier of electronic components to Apple, so the company is under more scrutiny than most manufacturers. A few years ago, a hacker group known as Swagg Security penetrated Foxconn's digital infrastructure and made off with user names, passwords, and other sensitive records. The hackers themselves declared the attack a success on social media and boasted that the stolen credentials could be used to place fraudulent orders under the guise of major corporations, like Intel, Dell, Microsoft and, of course, Apple.

While taking credit for the attacks, the hackers indicated another motive — cyber activism, commonly referred to as "hacktivism." The opening paragraph of their illiterate public message reads: "So Foxconn thinks they got 'em some swagger because they work with the Big Boys ... Fool, you don't know what swagger is. They say you got your employees all worked up, committing suicide 'n stuff. They say you hire Chinese workers 'cause you think the Taiwanese are elite. We got somethin' served up good ... real good ... Your company gonna' crumble, and you deserve it."

It's an interesting (if not quite erudite) message — and a reminder that, in a warped way, some cybercrimes are motivated by things other than (or perhaps in addition to) simple greed. In this case, the motive appears to be solidarity with the less fortunate.

Vandalism via IoT and Big Data — When hackers steal credentials, it's often with the intention of gaining control over a company's physical-digital systems. In the manufacturing industries, these systems consist of everything from 3D printers to lathes, CNC controls, material handling equipment, and robotic arms. As demonstrated by researchers at Trend Micro, the manufacturing equipment used by companies like Kawasaki, Yaskawa and others, in its current form, is surprisingly vulnerable to outside attack.

Researchers proved their point by gaining control of and then modifying configuration files for multi-axis robotic arms, increasingly common tools used by manufacturers in their pivot to connected systems, automation, the IoT and other Industry 4.0 technologies. By making a small change to these files, researchers altered the movement of the robots in a way that would, at best, destroy the workpiece and, at worst, injure nearby personnel.

Manufacturers increasingly rely on internet-connected infrastructure to automate their operations and plants, to send and receive data throughout their enterprises. In other cases, Internet of Things devices are the products themselves rather than the means to create products.

In a chilling example of cyber vandalism, in 2017 hackers leveraged an exploit in the data systems of a toy manufacturer called CloudPets. After the company accidentally left a critical database exposed, hackers made off with the passwords of an estimated 800,000 customers. CloudPets products allow children and parents to communicate with one another remotely using plush toys equipped with wireless technology. Thanks to the information gleaned in this data breach, hackers could turn these toys into surveillance tools.

Why are manufacturers so vulnerable? — It's a delicate time for companies making the transition to Industry 4.0, Big Data systems, and the Internet of Things. Connecting our digital and physical systems together and gathering data from every corner of the enterprise offer significant value for modern manufacturers.

And as noted above, sometimes all it takes is one unsecured machine or database to throw open the door to hackers. What they do with the information they glean differs from case to case, but nobody in manufacturing should be under the impression they're beyond reach or notice.

Kayla Matthews writes about the IoT, IIoT, automation and smart technologies for publications like InformationWeek, Manufacturing.net, Robotiq and others. To read more from Kayla, follow her personal tech blog, Productivity Bytes.
