How Hackers Are Targeting Manufacturing Businesses

Blog: Apriso Blog

Manufacturers now operate in an increasingly connected world. The Industrial Internet of Things promises to expand connectivity and access to
equipment, machines and processes to a level never seen before. However, there is an ugly side to this collaboration transformation that is being embraced by manufacturers across the world – the risk of a loss of data, or of control of the systems that are being run in an increasingly centralized manner.

Manufacturing businesses are seeing an increased level of cyber-attacks directed at them using a variety of attack methods. The cyber-attacks may come from individual hackers, organized crime rings or groups operating under the auspices of a foreign government. Reasons for the attacks vary, but often the purpose is to steal trade secrets and intellectual property from the business. The culprits today are less likely to be those interested in just bragging rights of what can be hacked – the motives today tend to be much more focused, deliberate and with cause to specifically inflict harm to a victim’s computer or network.

Attacks generally fall into one of four categories as described below.

1. Drive-by Downloads

As the result of a drive-by download, malware is loaded onto a computer or other device, often without the user’s knowledge. This type of attack derives its name from the fact that no one has to make a selection or click on a link for the malicious code to be downloaded. Simply opening or “driving by” a compromised page is enough to start the download process.

2. Cross-site Scripting

Cross-site scripting (XSS) differs from drive-by downloads in that it uses a script to steal confidential information such as login names and passwords. Obviously, this creates massive vulnerabilities in an entity’s operations. An IT consultant with a degree in security studies says firewalls and other protective measures may not provide an adequate level of protection from a XSS attack. This is typically because the attack usually comes in the form of an email suggesting that a user click on a specific link for more information. The best defense manufacturers can put up against XSS attacks is to educate employees—especially those with access to important data—on safe browsing practices.

3. Watering Hole Attacks

Watering hole attacks are especially insidious because they target trustworthy sites such as Forbes.com which suffered a watering hole attack in early 2015, allegedly from Chinese hackers. In this type of attack, the perpetrator hijacks the legitimate site, or watering hole, installing malicious code which subsequently allows the hacker to exploit the software of visitors to the site.

4. Wrappers

A wrapper is malware with legitimate software wrapped around it, shielding it from security programs. A wrapper may be encountered in a PDF document, a Word document, a utility tool or a computer game. The wrapper program shows the user only what they are looking for: however, unknown to the user, the wrapper program is simultaneously installing malicious code.

Conclusion

These four types of cyber-attacks are frequently used against manufacturing businesses. The best protection in each case is education, although there are certainly many types of firewalls, intrusion prevention and vulnerability assessment software programs that can help secure both data at rest and data in motion. Employees should learn to keep software current and install patches recommended by software suppliers. Security software should be implemented in addition to firewalls and other protective devices. Employees also should be educated to guard against the temptation to click on unknown links or visit pages that have not been verified as trustworthy.

If you liked this article, here are others you might also find interesting: