What does an attack on a manufacturing company look like?

Cyber criminals have figured out the value in targeting manufacturers. Using social engineering practices, these attackers exploit the imbedded trust within your organization and amongst your partners, vendors and clients. Once inside your organization, they can patiently plan subsequent moves to extract maximum value.

To take these attacks from the abstract to the real, let’s take a look at a typical compromise lifecycle where your Accounts Payable manager is targeted. We’ll call him Bob:

The Attack

It’s late in the month, and Bob receives an urgent reminder email regarding an invoice coming due. Bob is conscientious and never misses a payable, but the company’s recent growth has made it a struggle to keep track of all the new vendors and their invoices.

The email contains a link to an Office 365 Sharepoint login page. Bob clicks the link and signs in to view the document, but there’s nothing there. Annoyed, Bob fires off an email to notify the sender about the missing document and gets back to his ever-growing task list. He’ll address this missing invoice when they get back to him.

While the missing invoice seems a frustrating waste of time to hard-working Bob, this was the entrypoint for a cyber criminal who captured Bob’s login credentials in the process. Your attacker now has access to your Accounts Payable manager’s email account. Utilizing standard social engineering tactics, the criminal now uses Bob’s account as a beachhead for additional exploitations of your company.

Now that the attacker has moved laterally throughout your organization (this may take less than a day), they can start strategically sending the same attack emails from your receivables manager to your customers. Additionally, they can send malicious emails to your key suppliers from your COO under the guise of a next quarter plan of action.

The Effect

The potential for more attacks grows exponentially with each new compromised account. A manufacturer cannot succeed without trust throughout its supply chain and throughout a product’s lifecycle. While this trust leads to success, it’s also the most valuable thing for attackers to exploit.

In our above example, we didn’t discuss the many ways the attacker might profit off of this attack - from ransoming your system for bitcoin to stealing personally identifiable information to sell on the Dark Web to redirecting wire transfers to offshore criminal bank accounts. Once the attacker is in your network, they can remain there unnoticed for weeks to months to years (yes, years!). This simply gives them time to contemplate each new attack, making sure to get it right for maximum gain.

Bob made a very costly mistake, but there’s little reason to lay blame or punishment on him. It could have been anyone who received the attacker’s phishing email. In fact, Bob may know all about malware and hackers’ tactics. The issue is that our defenses often vanish when we are under the gun or unusually stressed (or too relaxed!). For this reason, it’s critical to pair cyber security knowledge training with recurrent behavioral instruction and reminders.

Ready to learn more? Connect with us here!