Previously, cyber security threats were concentrated in industries such as healthcare, retail, finance, and energy. Manufacturing was rarely mentioned because there was a lack of understanding and communication within the industry. Manufacturing differs from other industries in that it has a direct connection to the outside world.  

Prior to the advancement of technology, manufacturing companies were only connected within a single organization's network, with limited internet access, making it difficult to connect with other organizations or people in general. Because of their public nature, organizations in the medical and financial industries do not face the same barrier. Furthermore, the manufacturing firms did not believe they were appealing to threat actors; rather, they did not believe they had much to offer. 

However, technology has advanced, and the antiquated methods of communication used in the manufacturing industry are now obsolete. The cyber threat landscape shifts as communication channels change. Now that the manufacturing industry is forced to use internet connectivity in a variety of ways, it must face the harsh reality that it was unprepared to deal with the security challenges that come with having so many vulnerable endpoints.


Phishing attacks occur in a variety of industries, but they are especially common in manufacturing, which is one of the industries that receives the most phishing attacks per year. Since 2020, threat actors have exploited several vulnerabilities for financial gain, as well as vulnerabilities for brand impersonation.

Phishing attacks involve the target clicking on a malicious email attachment or visiting a spoofed website. Attachments and websites compromise the target's browser settings and use any available data for financial gain. Web-based malware downloads containing trojans or other malicious content are the most common way that the manufacturing industry is targeted by phishing attacks. The malware discovers vulnerabilities on systems and sends the information to the attacker. The stolen data is either used to demand a ransom or sold on the dark web.

Why is the manufacturing industry especially vulnerable to phishing attacks? There are several reasons. 

  1. Legacy Equipment - The manufacturing industry is notorious for employing obsolete devices or devices that were not designed to maximize security. Attackers would not have to do much work to compromise legacy equipment.
  2. Different IT Infrastructure - For manufacturing units located in different locations, different sets of technologies are used. Each type of technology may use different hardware and software, resulting in fragmented security frameworks. This means that a single security framework will not be sufficient for all systems. 
  3. Industrial espionage - If a manufacturer has government contracts, they are a prime target for cyber espionage threat actors. They understand that if they can attack the suppliers and clients associated with a specific industry, certain sectors will be severely harmed. 
  4. Significant Financial Gain - As previously stated, the manufacturing industry used to believe that it didn't have much to offer attackers. That, however, is not the case. The manufacturing industry is vast and contains a wealth of sensitive data that can be exploited for financial gain (credit card information, bank details, data related to financial institutions, and social security numbers). Such information can be sold or used to compromise other networks in exchange for a ransom. 
  5. Lack of Centralized Visibility - The lack of a centralized platform to view data flow provides an excellent entry point for a threat actor. Within the fragmented framework, there are numerous hidden loopholes and complexities that attackers can exploit. 
  6. Less Secure Encryption Techniques - Because the manufacturing industry is primarily concerned with production and distribution, it can be blind to cyber security issues. Threat actors understand that the industry's attention isn't on them, so they take advantage of the industry's lack of complex encryption techniques and its limited awareness of phishing.

According to Kaspersky Lab, over 400 manufacturing companies became phishing targets in 2018. There was a phishing campaign at the time aimed at stealing money from corporate accounts. The attackers distributed malicious software via emails disguised as commercial offers using a variety of tools and standard phishing techniques. To orchestrate their attacks, the threat actors also used legitimate software (TeamViewer or Remote Manipulator System). The programs aided threat actors in gaining access to devices and searching for information on recent purchases and financial software. To obtain higher-level permissions and steal data, additional tools were used. 

In some cases, the threat actors sent malicious email attachments to their victims, but in others, they sent links to websites. In both cases, the emails persuaded the target to download the threat actors' tools on his or her own initiative. According to the report, using modern technology and educating employees about phishing exploits has kept organizations safe. 
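
One way a defender could hunt for the pattern described above, a legitimate remote-administration tool that a user was persuaded to install from an email or web download, is sketched below as an added example; it is not code from the original article or from the Kaspersky report. The event format, field names, host names, executable names and path markers are assumptions constructed for illustration.

```python
import json

# Assumed executable names for TeamViewer and Remote Manipulator System.
REMOTE_ADMIN_TOOLS = {"teamviewer.exe", "rutserv.exe", "rfusclient.exe"}
# Parents suggesting the user opened an e-mail attachment or link (assumed list).
DELIVERY_PARENTS = {"outlook.exe", "chrome.exe", "msedge.exe", "firefox.exe"}
# User-writable locations where an IT-deployed tool would not normally live.
USER_PATH_MARKERS = ("\\downloads\\", "\\appdata\\", "\\temp\\")
APPROVED_HOSTS = {"HELPDESK-01"}  # hypothetical allow-list of support machines

# Constructed process-creation events (one JSON object per line), not real telemetry.
SAMPLE_EVENTS = r"""
{"host": "FIN-WS-07", "image": "C:\\Users\\anna\\AppData\\Roaming\\rms\\rutserv.exe", "parent": "C:\\Program Files\\Microsoft Office\\OUTLOOK.EXE"}
{"host": "HELPDESK-01", "image": "C:\\Program Files\\TeamViewer\\TeamViewer.exe", "parent": "C:\\Windows\\System32\\services.exe"}
{"host": "PLANT-HMI-02", "image": "C:\\Users\\op\\Downloads\\TeamViewer.exe", "parent": "C:\\Program Files\\Google\\Chrome\\chrome.exe"}
{"host": "ENG-WS-03", "image": "C:\\Program Files\\TeamViewer\\TeamViewer.exe", "parent": "C:\\Windows\\explorer.exe"}
{"host": "FIN-WS-07", "image": "C:\\Users\\anna\\Downloads\\offer.exe", "parent": "C:\\Program Files\\Microsoft Office\\OUTLOOK.EXE"}
"""

def exe_name(path):
    return path.rsplit("\\", 1)[-1].lower()  # lower-cased file name of a Windows path

def reasons_for(event):
    """Signals that a remote-admin tool was user-installed rather than IT-deployed."""
    image = event["image"].lower()
    if exe_name(image) not in REMOTE_ADMIN_TOOLS:
        return []
    reasons = []
    if event["host"] not in APPROVED_HOSTS:
        reasons.append("host not approved for remote administration")
    if any(marker in image for marker in USER_PATH_MARKERS):
        reasons.append("runs from a user-writable path")
    if exe_name(event["parent"]) in DELIVERY_PARENTS:
        reasons.append("started from mail client or browser")
    return reasons

def hunt(raw_events, min_signals=2):
    """Return (host, tool, reasons) for events with at least min_signals signals."""
    findings = []
    for line in filter(str.strip, raw_events.splitlines()):
        event = json.loads(line)
        reasons = reasons_for(event)
        if len(reasons) >= min_signals:
            findings.append((event["host"], exe_name(event["image"]), reasons))
    return findings

if __name__ == "__main__":
    for host, tool, why in hunt(SAMPLE_EVENTS):
        print(f"{host}: {tool}: {'; '.join(why)}")
```

Matching on file names misses renamed binaries, so in practice this kind of rule is paired with signer or hash checks from the software inventory.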


The manufacturing industry bore the brunt of cyber-attacks in general in 2021. In 2021, IBM released a report (X-Force Threat Intelligence Index) detailing how ransomware and other vulnerabilities affected supply chains, with manufacturing being the most targeted industry. Previously, the financial services and insurance industries were the most vulnerable to ransomware attacks, but by 2021, manufacturing had dethroned those industries and become the most vulnerable to ransomware. 

Attackers took advantage of the ripple effect that occurs when a manufacturing organization's production flow is disrupted. The threat actors understood the attacks would force their downstream supply chains to pay a ransom. The report also stated that 47 percent of attacks in the manufacturing industry were caused by vulnerabilities that companies did not patch, emphasizing the importance of all manufacturing companies including vulnerability management in their security plans. 

Bridgestone's breach impacted several cities, and plants were shut down for several days. LockBit gave Bridgestone a deadline to pay the ransom before releasing the company's data. LockBit, like other ransomware groups, removed data from Bridgestone's systems and threatened to release it to the public. Bridgestone is the second auto parts supplier to be targeted by a ransomware gang in a short period of time. 

Intellectual Property Theft 

Intellectual property (IP) theft is a type of information theft that can be extremely damaging to a business, but it is frequently overlooked. The possibility of IP theft has increased now that attackers have discovered new ways to infiltrate a network and move laterally within a system invisibly. Threat actors can enter a system undetected, move laterally, mine information, and leave a system before anyone realizes they were there. 

The data that the attackers gain access to may be stolen or altered. You may not even realize anything has happened until your company's trade secrets are used elsewhere. This is especially dangerous for the manufacturing industry because it can be difficult to safeguard company information required to create products. Trade secrets, copyrighted information, and contracts would be easy to steal now that threat actors can transfer information in seconds. Some manufacturing companies have government contracts and are vulnerable to APT (nation-state) attacks. These attacks can be motivated by anything from pure cyber espionage to a desire to obtain military secrets. 

The Chinese government-linked hacking group Winnti is an example of an APT that focuses on stealing intellectual property to further its goal of cyber espionage. The organization oversees a massive Chinese government-linked hacking operation worth billions of dollars. They specialize in stealing domestic and international businesses' intellectual property and other data. Researchers believe the group has been operating since 2010 on behalf of Chinese state interests. Winnti was able to infiltrate corporate computer networks in the technology and manufacturing industries in 2019, focusing on companies in North America, East Asia, and Western Europe. So far, the group has stolen sensitive documents, blueprints, diagrams, formulas, and data related to manufacturing. They also stole source code as well as research and development documents. 

Because the group was not discovered in company systems until 2021, Winnti had years to conduct reconnaissance and identify valuable data. As a result, the group amassed hundreds of gigabytes of data that could be used in future cyber-attacks. Credentials, employee emails, network architecture, and customer data were all stolen. The value of the stolen data was not disclosed, but Chinese cyber espionage generally costs the United States between $180 billion and $540 billion per year.

The motivation for an intellectual property theft attack is less about monetary gain and more about stealing data. Furthermore, cyber security experts have difficulty detecting IP theft because the threat actors steal data as discreetly as possible with no intention of monetary gain. Ransomware attacks are much easier to detect because the threat actors are motivated by monetary gain. They frequently leave ransomware notes and other evidence that they were present in their target's systems. 

Supply Chain Attacks 

Supply chain attacks are a critical security risk in any business, and in the manufacturing industry they have become increasingly prevalent in recent years. A supply chain attack occurs when threat actors gain access to a company's network through a third-party vendor or supplier. Access can be achieved by viruses or malicious software, which provides the attacker with access to sensitive information, client data, and payment information.

Because a supply chain might be extensive, tracing the attack can be challenging. Naturally, industrial companies and organizations deal with many suppliers. Any disturbance in the production process has a knock-on impact and creates significant delays. Manufacturing businesses must secure their supply chain and ensure that the companies with which they do business are similarly dedicated to security. Supply chain attacks are classified into three types:

  • Software Supply Chain Attacks - In order to interrupt a whole supply chain, only one compromised program or piece of software is required. These attacks target the source code of an application and send malicious code to a trusted app or software system. 
  • Firmware Supply Chain Attacks - In this attack, malware is inserted into a computer's boot record and takes one second to execute. The virus runs once the targeted machine powers up, putting the entire system in danger. These attacks are quick, damaging, and sometimes undetectable. 
  • Hardware Supply Chain Attacks - This type of attack targets physical equipment. Threat actors target devices that they know will go through an entire supply chain in order to maximize their reach and the harm they will inflict.

Industrial IoT Attacks

As previously stated, for decades the manufacturing industry did not believe threat actors were interested in targeting it. Manufacturers thought that the Industrial IoT (Internet of Things) devices they used for daily operations and procedures were useless to an attacker. Therefore, developers spent minimal effort ensuring that their IoT devices had basic firewalls or other security measures. Exploits will occur when there is little to no care for security.

Three of the top manufacturers' Industrial IoT devices were attacked with malware in February 2020. According to TrapX Security, a bitcoin miner was identified on multiple IoT devices, including a printer, a smart TV, and an automated guided vehicle (AGV). The attacks were part of a campaign in which attackers infected Windows 7 PCs with malware. Windows 7 had reached its end of life at the time, but millions of PCs across the world are still running the operating system.

According to Security Week, the virus was a self-spreading downloader based on malicious scripts associated with the bitcoin miner Lemon Duck. The infection spread so swiftly at the AGV production facility that it compromised vehicle communications. AGVs are used in industrial plants to transport goods or complete specific tasks. If communications are disrupted or commands are generated by malware, a vehicle may go off course and cause physical harm to goods or people.

The flaw also affected a smart TV with a built-in PC running Windows 7. The smart TV was linked to a factory network, and it sent data to production line managers. An attacker was able to install malware on the TV and deploy a crypto-miner some months previously due to the Windows 7 vulnerability. This type of threat has the potential to jeopardize the whole network, as well as other organizations with assets in the enterprise and industrial networks. 

Cybersecurity used to be primarily a vital issue for major organizations, but times have changed. Engineers who build gadgets for manufacturers must incorporate robust cyber security safeguards into the equipment they create. Vulnerabilities in Industrial IoT devices are frequently associated with difficulties created by the user during the device's usage or installation phase. 

Failure to change default passwords, disabled security measures, and a lack of firewalls give threat actors opportunities for access. Simply removing passwords and user controls that encourage inadequate security options can help keep manufacturing organizations secure and prevent vulnerabilities from being exploited.