By Gregory Hale
Cyber attacks in the manufacturing industry continue to grow and it appears financially motivated assaults outnumber cyber-espionage as the main reason for breaches for the second year in a row, a new report found.
On top of that, financial attacks grew by a more significant percentage, with financial at 68 percent and espionage at 27 percent, a 41 percent difference, according to the 2019 Verizon Data Breach Investigations Report (DBIR). The report is built upon analysis of 41,686 security incidents, of which 2,013 were confirmed data breaches.
Key findings from the manufacturing sector this year include:
• Financial (68 percent) and espionage (27 percent) were the most prominent motives for data breaches in the manufacturing sector, trailed by grudge (3 percent) and fun (2 percent). Despite the rise of financially motivated breaches, cyber-espionage is still a strong motivator.
• Most breaches in manufacturing involve phishing and the use of stolen credentials.
• 75 percent of threat actors were external and the primary perpetrators, when known, were organized crime (motivated by financial gain).
• Threat actors most often target four data areas in manufacturing: Credentials (49 percent), internal (41 percent), secrets (36 percent) and personal information (25 percent).
In the past, manufacturing experienced a higher level of espionage-related breaches than other verticals, but the Verizon researchers are not convinced financial gain has grown by that much. They feel their partners who typically provide data around cyber-espionage may have been occupied on other types of investigations. “This may have contributed to a bias on those results, meaning the real percentage of cyber-espionage cases was higher in the wild. If the relative percentage of one type of case goes down, the result is an apparent upswing in the other,” they said in the report.
Manufacturing shares the same burden of dealing with stolen web-mail credentials as other industries. Most breaches with a web application as a vector also featured a mail server as an affected asset. From an overall breach perspective, the use of stolen credentials and web applications were the most common hacking action and vector.
Cyber-espionage, while not as prominent as in past reports, is still an attack type the manufacturing industry needs to defend against. The typical pattern remains the same, the researchers said: phishing attacks convince users to install remote access tools that establish footholds and begin the journey toward stealing important competitive information from victims. The reason phishing attacks remain the same is, simply, that they work. There needs to be an ongoing education and training program to teach users not to click on attachments from unknown senders or from odd-looking email addresses paired with a familiar name. Easier said than done, but it is something that can happen.
Tips to Protect Manufacturing Enterprise
For those in the manufacturing sector, researchers in the 2019 Verizon Data Breach Investigations Report offer items to consider:
• Multiple factors work better than one: It is a good idea to deploy multifactor authentication throughout all systems that support it, and to discourage password reuse. These actions will definitely help mitigate the impact of stolen credentials across the organization.
• Recycling also applies for security: Regardless of motivation, a large number of breaches in this sector started with phishing or pretexting attacks. Providing employees with frequent security training opportunities can help reduce the likelihood they will be reeled in by one of those attacks.
• Workers must use safety equipment at all times: Unless inconvenient to do so – due to the prevalence of malware usage in espionage breaches – it is advisable to deploy and keep up-to-date solutions that can help detect and stop those threats.
In keeping with the rise in financially motivated attacks, the primary perpetrator when known is organized crime, the report said.
In regard to stolen data, four types feature prominently in manufacturing. Credentials (49 percent) and internal data (41 percent) stem from the webmail attacks – if a more specific data type is not known, internal is used for compromised organizational emails. Secrets (36 percent) drop from previous heights, commensurate with the reduction in espionage as a motive. The fourth is personal information (25 percent), a data type that includes employees’ W-2 information and other nuggets that can be used for identity theft.