Manufacturers are bombarded with phishing attacks

January 21, 2020

The manufacturing industry has invested heavily in cybersecurity over the last few years; however, manufacturers still seem to be unsure how well they are protected, according to Deloitte’s Center for Industry Insights. This is likely because manufacturers are hit hard with cyber attacks on a daily basis and in many cases don’t even know whether the attacks are successful. Ericka Chickowski from Dark Reading writes, “…during the first half of 2018 manufacturing firms had the highest level of reconnaissance activity per 10,000 machines of any other industry. This kind of behavior typically shows that attackers are mapping out the network looking for critical assets.”

According to Proofpoint’s Human Factor report, manufacturing is one of the most phished industries, and data from Symantec’s 2018 Internet Security Threat Report (ISTR) supports this:

  • One in 384 emails sent to manufacturing employees contained malware
  • One in 3,988 emails was a phishing attempt
  • One out of every 41 manufacturing employees was sent a phishing attack

The ISTR also states that spear-phishing emails are by far the most widely used infection vector as they are used by 71% of the attackers.

With attack rates such as these, it’s no wonder that 25% of the companies in the Sikich 2017 Manufacturing Report had a cybersecurity incident in the last 12 months and only 8.5% are ready to address cybersecurity.

Hackers know that the weak spots within any organization are its employees, and they take advantage of this by sending phishing and spear-phishing attacks that are difficult for employees to identify as a threat.

Kaspersky Lab recently discovered a massive phishing campaign aimed at stealing money from corporate accounts. At least 400 organizations from various industries, including manufacturing, have been targeted. The attackers carefully research the organizations to find out employees’ names, their positions, their area of focus, and more so they can send very specific and targeted phishing attacks. These attacks are disguised as commercial offers and other financial documents. For example, one phishing attack contained a car sale payment order with a malicious PDF file. The email was extremely detailed and mentioned real companies and tax IDs and even had the correct VIN for the specified model.

With such sophisticated attacks, it’s hard to fault employees for clicking or responding to these messages. Manufacturers shouldn’t rely on their employees as their human firewall without arming them with the right tools. Phishing training can help but, in many cases, isn’t enough, as we learned from our customer, Martin Engineering. Martin Engineering was getting hit hard with business email compromise and phishing attacks. They first implemented DMARC but quickly realized this wasn’t enough. They then implemented phishing training and saw a reduction from about 20% of their employees being prone to phishing to about 10%. That 10% number still concerned Mike Komnick, Martin Engineering’s IT Manager, so he decided to give Graphus® a try. Mike quickly saw the value of Graphus® as multiple threats were detected and malicious emails were auto-quarantined in real time. Mike said, “It’s always good to have another layer of protection. Especially with Graphus with the email alerts. We don’t have a dedicated security person on staff. Having that email alert and real-time response has been fantastic.”
