Manufacturing is beset by external actors using password dumper malware and stolen credentials to hack into systems and steal data. While the majority of attacks are financially motivated, there was a respectable showing of Cyber-Espionage-motivated attacks in this industry as well. Internal employees misusing their access to abscond with data also remains a concern for this vertical.
Frequency: 922 incidents, 381 with confirmed data disclosure
Top Patterns: Crimeware, Web Applications and Privilege Misuse represent 64% of breaches
Threat Actors: External (75%), Internal (25%), Partner (1%) (breaches)
Actor Motives: Financial (73%), Espionage (27%) (breaches)
Data Compromised: Credentials (55%), Personal (49%), Other (25%), Payment (20%) (breaches)
Top Controls: Boundary Defense (CSC 12), Implement a Security Awareness and Training Program (CSC 17), Data Protection (CSC 13)
Bad actors, bad actions, bad puns
It has been said that the proper study of mankind is Man(ufacturing), or at least we are pretty sure that is how the adage goes. We hope so at least, because we have been giving a lot of thought to that topic. The Manufacturing vertical is very well represented this year with regard to both incidents and breaches. As always when we see a large increase, it could be indicative of a trend or simply a reflection of our caseload. In this instance, it is certainly the latter.
However, NAICS 31-33 has long been a much-coveted target of cybercrime and this year is no exception. Whether it is a nation-state trying to determine what its adversary is doing (and then replicate it) or just a member of a startup who wants to get a leg up on the competition, there is a great deal of valuable data for attackers to steal in this industry. And steal it they do. The predominant means they employ for this theft falls under the Crimeware pattern, as shown in Figure 75, namely the Password dumper, Capture app data and Downloader varieties.
This combination of obtain password, infiltrate network, download software and then capture data paints a very clear picture of what’s going on in this vertical, but it may not be a picture you want hanging on your wall if you do business in this area. But while we are on the topic of malware in general, keep in mind that ransomware (while not considered a breach in this report) is still a very present danger for this industry at 23% of all malware found in incidents.
Web Applications attacks took the number-two place this year and are dominated by the Use of stolen credentials to compromise a variety of web apps used in enterprises. Sometimes these credentials are obtained via malicious links served up in successful phishing attacks, sometimes they are obtained via desktop sharing and sometimes it is unclear how the victim is infected. Regardless of how they are compromised, these credentials, often of the cloud-based email variety, are very successful as a means to an end in this vertical, as you can see in Figure 76.
There are several patterns that are closely grouped around the third-place position for Manufacturing: Misuse (13%), which by definition involves insiders, and is mostly Privilege abuse—the actor has legitimate access but they use those privileges to do something nefarious—and Data mishandling, of which prime examples are sending company data via personal email or placing it on cloud drives in order to work from home (Figure 77).
Error is ubiquitous in all of the verticals this year, and in Manufacturing it is in keeping with the trend of Misdelivery and Misconfiguration that we see in other industries. Finally, we would be remiss to not say a word or two regarding cyber-espionage-related attacks.
As a glance at Figures 78 and 79 reveals, 38% of actors were of the Nation-state variety, and 28% of breaches were motivated by Espionage. As we have mentioned in previous reports, it is cheaper and simpler to steal something than to design it yourself. And while large organizations are often willing to outsource their help-desk functions, they are, as a rule, not as eager to ship off their intellectual property and research-and-design generation to foreign locales.