Manufacturing faces a wave of advanced email attacks

New data from Abnormal Security shows that between September 2023 and September 2024, phishing, business email compromise, and vendor email compromise attacks on manufacturers increased significantly.

The number of monthly attacks phishing attacks has grown nearly 83 percent between September 2023 and September 2024. Business email compromise attacks are up 56 percent too.

Manufacturing companies typically rely on a complex network of vendors, suppliers, and service providers which creates broad attack surfaces with lots of different entry points available to exploit.

In addition manufacturers store a tempting amount of financial data and other sensitive information that criminals can sell across the dark web, hold for ransom, or use to get a stronger foothold within an organization’s digital infrastructure.

The data also shows vendor email compromise is up 24 percent. These attacks involve the impersonation of known and trusted individuals. The key difference from BEC being that the threat actor poses as an external third party rather than an internal employee. The vendor/client relationship is often managed primarily via email. So, discussions and inquiries about invoices, billing details, and payment schedules commonly occur in the inbox without arousing suspicion.

Mike Britton, CISO at Abnormal Security writes on the company’s blog, "Although manufacturing security leaders have helped workforces grow their knowledge of email threats, cybercriminals have evolved their strategies to undermine employee awareness training. Thanks to a proliferation of generative AI tools that help attackers create genuine-looking emails and near-perfect impersonations, it's become almost impossible for humans or secure email gateways (SEGs) to detect advanced email attacks."

You can read more on the Abnormal Security blog.

Image credit: qerest/depositphotos.com