Blog archive
Cyberattacks targeting manufacturers

Cyber attacks shift from agencies to IT suppliers

Attacks against government systems dropped sharply in 2012 compared with the year before, according to the latest Internet Security Threat Report from Symantec, but that does not mean that the pressure is off. Attackers are just changing their tactics by targeting upstream companies in the government supply chain.

“There has been a marked shift” in targeting, said Paul Wood, Symantec’s cybersecurity intelligence manager. Attackers seem to be shifting their sights to the manufacturing sector, and often to smaller companies that offer softer targets, he said.

The most recent report analyzes attack data gathered during 2012 calendar year from Symantec’s Global Intelligence Network and its cloud-based Web and e-mail security services.

The shift is evident in the lists of most commonly targeted sectors for the last two years. In 2011 government was the most-targeted sector, with 25 percent of identified attacks. In 2012 it moved to fourth place, with just 12 percent. In the same period, the manufacturing sector went from third place to the top of the list, accounting for 24 percent of attacks last year.

But “manufacturing” is a broad classification and the figures become more interesting when you break them down. “The vast majority seem to be in the defense realm,” Wood said. Six of the 10 most frequently targeted companies are defense industry contractors.

In an increasingly global, off-the-shelf IT environment, supply chain security has become a major concern for agencies and steps are being taken to identify trusted suppliers. In addition to the risk of counterfeit or compromised products and components, vendors and private-sector partners also can be back doors into well-defended government systems. Homeland Security and the Defense Department address this issue in the Defense Industrial Base program to streamline the sharing of intelligence with supply chain partners.

But protecting the entire chain with sensitive information can be difficult. The percentage of small to medium-sized businesses being targeted has increased sharply in the last year, from 18 percent in 2011 to 31 percent in 2012.

“When you look at the supply chain, the small business is perhaps the weakest link,” Wood said. A small upstream partner could provide the access and information an attacker could use to successfully social engineer an attack against a larger partner.

It is difficult, if not impossible, to identify the source of many attacks, and because those being analyzed were the ones that were identified and blocked, it is hard to say for sure what the attackers would have done had they been successful. But the shift shows that the attackers are motivated, disciplined and persistent. The worst kind of attacker.

Posted by William Jackson on Apr 17, 2013 at 9:39 AM


  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.