The manufacturing industry — including, but not limited to, automotive, electronics, food and beverage, textile and pharmaceutical companies — was the third most attacked sector in 2016, according to the 2017 IBM X-Force Threat Intelligence Index. In fact, the number of security incidents, which are attacks or security events reviewed by IBM security analysts and deemed worthy of deeper investigation, was almost 40 percent higher than the average across all industries.

Figure 1: Comparison of organizations monitored by IBM for 2016, cross-industry clients versus manufacturing sector clients (Source: IBM Managed Security Services data, Jan. 1 to Dec. 31, 2016).

The Manufacturing Security Picture

The top attack vector against manufacturing clients monitored by X-Force in 2016 was malicious input data, such as SQL injection or command injection. This vector accounted for 74 percent of the attacks, which was notably higher than the cross-industry average of 42 percent.

It’s not surprising, then, that considerably more of the attacks targeting the manufacturing sector came from outsiders than from insiders: 91 percent outsiders to 9 percent insiders. The outsiders could include well-funded fraudsters, organized crime groups and nation-state actors.

This view of the manufacturing security landscape, however, differs from the one generated from publicly disclosed incidents. Very few manufacturing sector incidents were revealed in 2016. This led IBM X-Force researchers to suspect some underreporting, perhaps because manufacturing is not as tightly regulated as industries such as financial services, health care and retail. However, the cybertheft of trade secrets from one of the world’s largest steelmakers is evidence that the threat to manufacturers’ intellectual property and operating information — this industry’s crown jewels — is very real.

Review Best Practices

A new IBM research paper focuses on the top attacks detected against the manufacturing sector. Since the No. 1 manufacturing security threat involved the use of malicious input data, centralized patching and data input sanitization are essential. We recommend reviewing the report for other best practice guidelines.

Read the complete report: Security trends in the manufacturing industry
