Press Release: Security issues discovered across Europe’s top manufacturers’ web applications

UK’s Linde and Johnson Matthey among companies running vulnerable web apps in Outpost24’s Attack surface benchmark for Chemical Manufacturers report

Tuesday, March 29, 2022 – Outpost24, an innovator in identifying and managing cybersecurity exposure, today announced the results of its 2022 Web Application Security for Manufacturers report for the top European-based Chemical Manufacturers, as ranked by Chemical & Engineering News.

The report findings showed that the top Chemical Manufacturers run a total of 22,507 internet exposed web applications over 6,175 domains. When these were assessed, one in six (16%) of the applications discovered are utilising outdated components which contain known vulnerabilities. This is a major issue given external facing applications are prime targets used by threat actors for initial access to launch malware or ransomware. While 4% of them are deemed suspicious – these are likely testing environments that have been left open to the internet. Additionally, 1% of the web applications are dangerously exposed because the user credentials are already compromised and could be used by attackers to gain initial access.

Using their unique attack surface management tool, Outpost24 examined the digital footprint and application security posture of the biggest Chemical Manufacturers in the EU, uncovering concerning levels of vulnerabilities and weak spots in their attack surface. It found that 60% of the manufacturers studied were over what Outpost24 considers ‘critically exposed’ with an aggregated risk score of 32 or higher (out of 58.24). This puts the manufacturers at a significantly higher risk of potential cyberattacks. When compared to other industries in previous studies, Chemical Manufacturers had an overall average exposure score of 35.2, scoring only below EU retailers (48.30) and EU insurance providers (38.1), but above pharmaceutical and healthcare (32.79).

Amongst the most common attack vectors in web applications, the following 3 pose the biggest risks to the Chemical Manufacturers:

  • Security Mechanism: 63% of organisations had this as a critical issue
  • Degree of Distribution: 38% of organisations had this as a critical issue
  • Active Content and Cookies: 31% of organisations had this as a critical issue

From the takedown of Toyota supplier to last year’s cyber-attack on JBS, manufacturing remains one of the most targeted industries by cybercriminals and ransomware groups. A cyberattack will have detrimental consequences for Chemical Manufacturers which can result in stolen intellectual property, production disruptions and the potential to cause wider supply chain issues. Indeed, with the cost of a cyberattack expected to rise globally to $10.5 Trillion by 2025, manufacturers must proactively tighten their security defence against threat actors, business rivals and nation states hackers amid the Russia-Ukraine conflict.

“From the web applications that were examined, the Chemical Manufacturing industry has a very insecure digital footprint and overall security posture,” said Nicolas Renard, Security Researcher at Outpost24. “We know the significance a cyberattack can have against these critical systems, especially as these relate to hazardous chemicals, national infrastructure, pharmaceutical and medical supplies, which can impact core services.”

“Having continuous asset visibility into the number of web apps that are exposed, and the conditions they are in, will go a long way in reducing risk and remediating any critical vulnerabilities before hackers spot them,” said Stephane Konarkowski, Security Consultant at Outpost24. “With many of the systems internet-connected or external facing, adopting a proactive approach to improving security hygiene and vulnerability exposures could potentially save the company millions.”

The full Outpost24 2022 Web Application Security for Chemical Manufacturers report can be accessed here.

About Outpost24

The Outpost24 group helps organizations limit their digital exposure with a complete range of cyber risk management solutions. Outpost24’s cloud platform unifies asset inventory, automates security assessments, and quantifies risk in business context. Executives and security teams around the world trust Outpost24 to prioritize the most important security issues across their entire IT infrastructure for accelerated risk reduction. Founded in 2001, Outpost24 is headquartered in Sweden, with additional offices in the US, the UK, the Netherlands, Belgium, Denmark, France, and Spain.