When it comes to phishing attempts, the manufacturing industry is one of the most vulnerable sectors. In its recent report, 2020 State of Encrypted Attacks, security company Zscaler revealed that manufacturing was the industry most targeted by phishing attempts, with 38.6% of this year’s attacks aimed at the sector.
The manufacturing sector is vulnerable because its organizations are often highly fragmented, with individual facilities using different IT infrastructures and multiple disjointed systems. Without unified controls, centralized visibility, and policy enforcement, security is incomplete, and cybercriminals exploit these holes. Also, the networks of legacy equipment were not designed for public exposure.
In addition to phishing, manufacturing was the number one target for browser exploits, with the report citing that 26.5% of browser attacks were aimed at manufacturing. Those exploits allow attackers to take advantage of vulnerabilities in operating systems while also changing the users’ browser settings without their knowledge.
Attacks Via “Tech Support”
The report looked at the first two-thirds of 2020 and found manufacturing wasn’t doing well at fending off cyberattacks. “The manufacturing sector faced the largest number of phishing attacks through encrypted channels for the first nine months of 2020, with more than 38% of attacks targeting this sector,” Deepen Desai, CISO and VP of security research at Zscaler, told Design News. “One popular method in hackers’ toolbox was spoofing well-known brands such as Microsoft as well as Tech Support.”
The cybercriminals disguise themselves as helpful agents after they cripple a user’s computer. “Attackers typically use a malicious web redirect from compromised websites that claims the user’s machine has been hacked and that ‘Microsoft support’ will fix it – that is, once the user’s credit card information has been submitted,” said Desai.
Once the phishing is successful, even more fun ensues. “Phishing is typically the first stage of a multistage cyberattack involving credential theft via unsuspecting emails. If an unsuspicious user clicks, then the attack moves into the malware installation phase, and ultimately to the exfiltration of valuable corporate data,” said Desai. “Browser exploits allow attackers to take advantage of a vulnerability in the web browsers and plugins to install malware without the user's knowledge.”
Why the Vulnerabilities?
Manufacturers are particularly vulnerable because they often use legacy equipment that was never designed to be on a network exposed to the outside world. “Many organizations follow security best practices and encrypt their traffic. However, legacy security controls often lack the performance and capacity to inspect the traffic at scale,” said Desai. “Unfortunately, no industry is immune to security threats.”
Part of the work of protecting manufacturing networks is monitoring who is on the network. “As more traffic is encrypted, it is mission-critical to inspect all of the traffic,” said Desai. “A proxy-based architecture with a multilayer defense-in-depth strategy that fully supports SSL inspection is essential to an organization's security approach, regardless of size.”
To ensure security, manufacturers have to examine all reaches of their networks. “Individual manufacturing facilities often use different IT infrastructures and systems which can mean more fragmented structures. This creates security gaps and makes the industry a lucrative target for various cyberattacks,” said Desai. “As in other industries, without unified controls and centralized visibility and policy enforcement, security will be incomplete, and cybercriminals can continue to exploit these holes.”
The Battle Against Phishing
Desai noted that the Zscaler cloud blocked more than 193 million phishing attempts delivered over encrypted channels between January and September 2020. Of those attacks, 26.5 were manufacturers. He explained the precautions companies can take against phishing and other browser attacks:
- Decrypt, detect, and prevent threats in all SSL traffic with a cloud-native proxy-based architecture that can inspect all traffic for every user.
- Quarantine unknown attacks and stop patient-zero malware with AI-driven quarantine that holds suspicious content for analysis, unlike firewall-based passthrough approaches.
- Provide consistent security for all users and all locations to ensure everyone has the same great security all the time, whether they are at home, at headquarters, or on the go.
- Instantly reduce your attack surface by starting from a position of zero trust, where lateral movement can’t exist. Apps are invisible to attackers, and authorized users directly access needed resources, not the entire network.
Rob Spiegel has covered automation and control for 19 years, 17 of them for Design News. Other topics he has covered include supply chain technology, alternative energy, and cybersecurity. For 10 years, he was the owner and publisher of the food magazine Chile Pepper.