Manufacturing has been experiencing an increase in financially motivated breaches in the past couple of years, but espionage is still a strong motivator. Most breaches involve phishing and the use of stolen credentials.
352 incidents, 87 with confirmed data disclosure
Top 3 Patterns
Web Applications, Privilege Misuse, and Cyber-Espionage represent 71% of breaches
External (75%), Internal (30%), Multiple parties (6%), Partner
Financial (68%), Espionage (27%), Grudge (3%), Fun (2%) (breaches)
Credentials (49%), Internal (41%), Secrets (36%) (breaches)
Uncle Owen, this R2 unit has a financial motivator
For the second year in a row, financially motivated attacks outnumber cyber-espionage as the main reason for breaches in Manufacturing, and this year by a more significant percentage (40% difference). If this were in most any other vertical, it would not be worth mentioning as money is the reason for the vast majority of attacks. However, Manufacturing has experienced a higher level of espionage-related breaches than other verticals in the past few years. So, shall we conclude that James Bond and Ethan Hunt[15] have finally routed their respective nemeses for good? Are we free to buy the world a Coke and teach it to sing in perfect harmony? Probably not. A more likely explanation is that some of our partners who typically provide data around cyber-espionage were either unable to participate this year or simply happened to work other types of investigations. This may have contributed to a bias on those results, meaning the real percentage of cyber-espionage cases was higher in the wild. If the relative percentage of one type of case goes down, the result is an apparent upswing in the other.
Speaking to the web application attacks, this industry shares the same burden of dealing with stolen webmail credentials as other industries. Most breaches with a web application as a vector also featured a mail server as an affected asset. From an overall breach perspective, the use of stolen credentials and web applications were the most common hacking action and vector – see Figures 54 and 55.
Secrets and truths
The Cyber-Espionage pattern, while not as prominent as in past reports, is still an attack type that we recommend the Manufacturing industry defend against. The typical utilization of phishing attacks to convince users to install remote access tools that establish footholds and begin the journey towards stealing important competitive information from victims remains the same.
In keeping with the aforementioned rise in financially motivated attacks, the primary perpetrator when known is organized crime. With regard to data variety, there is a group of four data types that feature prominently in this industry. Credentials (49%) and Internal data (41%) stem from the webmail attacks – if a more specific data type is not known, Internal is used for compromised organizational emails. Secrets (36%) drop from previous heights, commensurate with the reduction in espionage as a motive. The fourth amigo is Personal information (25%), a data type that includes employees' W-2 information and other nuggets that can be used for identity theft.
Things to consider
Multiple factors work better than one
It is a good idea to deploy multi-factor authentication throughout all systems that support it, and to discourage password reuse. These actions will definitely help mitigate the impact of stolen credentials across the organization.
Recycling also applies for security
Regardless of motivation, a large number of breaches in this sector started with phishing or pretexting attacks. Providing employees with frequent security training opportunities can help reduce the likelihood they will be reeled in by one of those attacks.
Workers must use safety equipment at all times
Unless inconvenient to do so – due to the prevalence of malware usage in the espionage breaches, it is advisable to deploy and keep up-to-date solutions that can help detect and stop those threats.
[15] Old-school readers, feel free to substitute Rollin Hand as the pop culture reference here if preferred.