Blog Posts Business Management

How Hackers Are Targeting Manufacturing Businesses

Blog: Apriso Blog

10-29-15 ImageManufacturers now operate in an increasingly connected world. The Industrial Internet of Things promises to expand connectivity and access to
equipment, machines and processes to a level never seen before. However, there is an ugly side to this collaboration transformation that is being embraced by manufacturers across the world – the risk of a loss of data, or of control of the systems that are being run in an increasingly centralized manner.

Manufacturing businesses are seeing an increased level of cyber-attacks directed at them using a variety of attack methods. The cyber-attacks may come from individual hackers, organized crime rings or groups operating under the auspices of a foreign government. Reasons for the attacks vary, but often the purpose is to steal trade secrets and intellectual property from the business. The culprits today are less likely to be those interested in just bragging rights of what can be hacked – the motives today tend to be much more focused, deliberate and with cause to specifically inflict harm to a victim’s computer or network.

Attacks generally fall into one of four categories as described below.

1. Drive-by Downloads

As the result of a drive-by download, malware is loaded onto a computer or other device, often without the user’s knowledge. This type of attack derives its name from the fact that no one has to make a selection or click on a link for the malicious code to be downloaded. Simply opening or “driving by” a compromised page is enough to start the download process.

2. Cross-site Scripting

Cross-site scripting (XSS) differs from drive-by downloads in that it uses a script to steal confidential information such as login names and passwords. Obviously, this creates massive vulnerabilities in an entity’s operations. An IT consultant with a degree in security studies says firewalls and other protective measures may not provide an adequate level of protection from a XSS attack. This is typically because the attack usually comes in the form of an email suggesting that a user click on a specific link for more information. The best defense manufacturers can put up against XSS attacks is to educate employees—especially those with access to important data—on safe browsing practices.

3. Watering Hole Attacks

Watering hole attacks are especially insidious because they target trustworthy sites such as which suffered a watering hole attack in early 2015, allegedly from Chinese hackers. In this type of attack, the perpetrator hijacks the legitimate site, or watering hole, installing malicious code which subsequently allows the hacker to exploit the software of visitors to the site.

4. Wrappers

A wrapper is malware with legitimate software wrapped around it, shielding it from security programs. A wrapper may be encountered in a PDF document, a Word document, a utility tool or a computer game. The wrapper program shows the user only what they are looking for: however, unknown to the user, the wrapper program is simultaneously installing malicious code.


These four types of cyber-attacks are frequently used against manufacturing businesses. The best protection in each case is education, although there are certainly many types of firewalls, intrusion prevention and vulnerability assessment software programs that can help secure both data at rest and data in motion. Employees should learn to keep software current and install patches recommended by software suppliers. Security software should be implemented in addition to firewalls and other protective devices. Employees also should be educated to guard against the temptation to click on unknown links or visit pages that have not been verified as trustworthy.


If you liked this article, here are others you might also find interesting:

Leave a Comment

Get the BPI Web Feed

Using the HTML code below, you can display this Business Process Incubator page content with the current filter and sorting inside your web site for FREE.

Copy/Paste this code in your website html code:

<iframe src="" frameborder="0" scrolling="auto" width="100%" height="700">

Customizing your BPI Web Feed

You can click on the Get the BPI Web Feed link on any of our page to create the best possible feed for your site. Here are a few tips to customize your BPI Web Feed.

Customizing the Content Filter
On any page, you can add filter criteria using the MORE FILTERS interface:

Customizing the Content Filter

Customizing the Content Sorting
Clicking on the sorting options will also change the way your BPI Web Feed will be ordered on your site:

Get the BPI Web Feed

Some integration examples