Why Are More Hackers Targeting Industrial Systems?

Cybercriminals are increasingly hacking industrial control systems to profit off the widespread adoption of new technologies with weak cybersecurity. Industry 4.0 is paving the way for advanced devices, like robotics and IoT. Unfortunately, many businesses are not adopting adequate security to protect them. This is creating a highly desirable opportunity for cybercriminals to cause problems.

Taking Advantage of Valuable Systems

Reported cyberattacks increased by 38% worldwide in 2022. Incidents of hacking industrial control systems and data theft have been steadily growing over the past few years and show no signs of slowing down. However, the most popular hacking types shift from quarter to quarter. Recently, hackers have been targeting industrial systems specifically.

There are many possible motivations a hacker could have when they choose a victim. In this case, financial gain is likely one of the most common motivators. Cybercriminals may target industrial systems more frequently because of the effort-to-payoff ratio at play. The ideal mark for any hacker is a system that requires minimal effort to compromise but is valuable enough that users are likely to pay a ransom to regain control.

With this strategy in mind, hacking industrial control systems can seem appealing. A facility like a manufacturing plant can have hundreds of individual devices in its network. Criminals are betting on the reality that it’s extremely difficult for managers to track this many devices. There’s a relatively high chance of finding vulnerable equipment and compromising it unnoticed.

The consequences can be severe if the hacker can shut down even a single piece of machinery or assembly line with malware. The manufacturing plant could lose thousands of dollars due to downtime and employee safety could be jeopardized. This level of urgency and financial risk significantly increases the likelihood that the manufacturing plant’s leaders will cave and pay the hacker the ransom to release their network.

Device Hijacking Campaigns

Financial gain directly from targeted businesses isn’t always the motivation for cyberattacks on industrial systems. Sometimes hackers compromise, hijack or infect devices to serve in a larger campaign. Taking control of countless individual devices lets cybercriminals create a botnet, a network of computers forced to run malicious code.

Poor device management is one of the main reasons industrial systems are prime targets for botnet creation. Unfortunately, many industrial businesses are adopting new technologies to adapt to Industry 4.0, but their cybersecurity needs to catch up. This makes it very easy for hackers to use simple tricks like password crackers to hijack industrial devices like PLCs.

The combined lack of visibility and security awareness can allow hijacked devices to go unnoticed until it’s too late. Plus, the high volume of items on a single industrial business’s network is convenient for hackers trying to build a botnet. Breaking in can gain them access to potentially hundreds of individual devices. From this perspective, industrial systems are gold mines.

It can be difficult for businesses to protect themselves from botnet campaigns. However, advanced device security practices can help. For instance, security experts recommend complying with the CMMC, or Cybersecurity Maturity Model Certification, which entails using methods like multifactor authentication. MFA can be highly effective for stopping rudimentary hijacking tools like password crackers.

The Purpose of Device Hijacking and Botnets

The purpose of botnet campaigns highlights why hacking industrial control systems is so appealing. As a general rule, botnet attacks grow stronger with more devices. These “zombie” devices increase the botnet’s power like a plague that spreads through electronics. Every device becomes another tool for the hacker to command.

Hackers can use botnets to rapidly spread malware or ransomware. This allows them to automate infecting devices and demanding ransom payments from victims. Similarly, a cybercriminal could force all the items in a botnet to barrage the same web address or network at once, causing a DDoS attack. Hackers might also use botnets to distribute phishing or spam content, hoping to steal data or money from victims.

More recently, hackers have also begun using botnets to steal cryptocurrency data from victims. Devices are forced to run a malware program that regularly scans the victim’s clipboard for data like cryptocurrency transfers or wallet information. This can open the door for the criminal to intercept a crypto transfer or steal currency from a victim’s digital wallet.

IoT devices are particularly effective for building botnets to launch these attacks. More
businesses are adopting these items without adequately protecting them. The high level of connectivity these gadgets have can also be a security risk without the right protections. As a result, industrial systems are becoming hives of vulnerable devices perfect for creating botnets.

Hacktivism and Sabotage

Financial gain and botnet creation are the two most common motivations for cyberattacks on industrial systems. However, a few other motivations hackers could have are worth mentioning.

Hacktivism One increasingly common motivation for cyberattacks is “hacktivism,” hacking with activist goals. These attacks are intended to call attention to some ideological or political belief, such as protesting products a business sells.

Many famous acts of hacktivism were politically motivated. For example, one infamous hacktivist attack in 2011 occurred when a group threatened to hijack Fox News’s website. The hackers announced in their warnings that the attack was intended to be retaliation for political views Fox News had been sharing at the time.

Similarly, in 2016, a group of Russian hackers stole sensitive emails from presidential candidate Hillary Clinton. The emails were publicly shared online to hurt Clinton’s campaign.

The most famous cases of hacktivism may center on political figures, but businesses can also be prime targets. This is especially true for companies in industries related to heated social issues. For example, oil companies are at relatively higher risk of hacktivist attacks motivated by environmental concerns.

Industrial systems can be appealing targets for hacktivists because a major shutdown can quickly stir up attention while also causing financial and reputation issues for the business under attack.

Sabotage
In addition to outright hacktivism, some hackers may target industrial systems to sabotage them. In these cases, money is often not a key motivator. These criminals typically want to damage the business under attack. For instance, the hacker might intentionally render devices nonfunctional, a tactic known as “bricking.”

Sabotage cyberattacks may originate from insider threats, such as a company’s disgruntled current or former employees. They may hack to get revenge for being fired. Likewise, a sabotage attack could originate from a competitor or an independent hacker who supports a business’s competitor.

Prevent the Hacking of Industrial Control Systems

Trends in adopting new technologies are contributing to the rise in cyberattacks targeting industrial systems. There are several main motivators for the hackers behind these attacks, including seemingly easy financial gain and the construction of botnets. These threats can be concerning, but businesses can take steps to protect their networks.

Hackers are betting on companies connecting devices and forgetting about them. Therefore, network safety measures can go a long way to prevent the hacking of industrial control systems.