Manufacturing is beset by external actors using password dumper malware and stolen credentials to hack into systems and steal data. While the majority of attacks are financially motivated, there was a respectable showing of Cyber-Espionage-motivated attacks in this industry as well. Internal employees misusing their access to abscond with data also remains a concern for this vertical.
922 incidents, 381 with confirmed data disclosure
Crimeware, Web Applications and Privilege Misuse represent 64% of breaches
External (75%), Internal (25%), Partner (1%) (breaches)
Financial (73%), Espionage (27%) (breaches)
Credentials (55%), Personal (49%), Other (25%), Payment (20%) (breaches)
Boundary Defense (CSC 12), Implement a Security Awareness and Training Program (CSC 17), Data Protection (CSC 13)
Bad actors, bad actions, bad puns
It has been said that the proper study of mankind is Man(ufacturing), or at least we are pretty sure that is how the adage goes. We hope so at least, because we have been giving a lot of thought to that topic. The Manufacturing vertical is very well represented this year with regard to both incidents and breaches. As always when we see a large increase, it could be indicative of a trend or simply a reflection of our caseload. In this instance, it is certainly the latter.
However, NAICS 31-33 has long been a much-coveted target of cybercrime and this year is no exception. Whether it is a nation-state trying to determine what its adversary is doing (and then replicate it) or just a member of a startup who wants to get a leg up on the competition, there is a great deal of valuable data for attackers to steal in this industry. And steal it they do. The predominant means they employ for this theft falls under the Crimeware pattern, as shown in Figure 75, namely the Password dumper, Capture app data and Downloader varieties.