Combine cutting-edge XDR technology, multi-signal threat intelligence and 24/7 Elite Threat Hunters to help you build a world-class security operation.
Our team delivers the fastest response time in the industry. Threat suppression within just 4 hours of being engaged.
Cyber risk and advisory programs that identify security gaps and build security strategies to address them.
24/7 SOC-as-a-Service with unlimited threat hunting and incident handling.
XDR with machine learning that eliminates noise, enables real-time detection and response, and automatically blocks threats.
Seamless integration and threat investigation across your existing tech stack.
Proactive threat intelligence, original threat research and a world-class team of seasoned industry veterans.
Extend your team capabilities and prevent business disruption with expertise from eSentire.
We balance automated blocks with rapid human-led investigations to manage threats.
Guard endpoints by isolating and remediating threats to prevent lateral spread.
Defend brute force attacks, active intrusions and unauthorized scans.
Investigation and threat detection across multi-cloud or hybrid environments.
Remediate misconfigurations, vulnerabilities and policy violations.
Investigate and respond to compromised identities and insider threats.
Stop ransomware before it spreads.
Meet regulatory compliance mandates.
Detect and respond to zero-day exploits.
End misconfigurations and policy violations.
Defend third-party and supply chain risk.
Prevent disruption by outsourcing MDR.
Adopt a risk-based security approach.
Meet insurability requirements with MDR.
Protect your most sensitive data.
Build a proven security program.
Operationalize timely, accurate, and actionable cyber threat intelligence.
THE THREAT In recent weeks, eSentire’s Threat Response Unit (TRU) has traced numerous email account compromise cases to infrastructure hosted on several related hosting…
Dec 10, 2024THE THREATUpdate: Security patches to address this vulnerability were released by Cleo on December 12th. Organizations need to update to Cleo Harmony, VLTrader, and LexiCom versions…
eSentire is The Authority in Managed Detection and Response Services, protecting the critical data and applications of 2000+ organizations in 80+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events.
We provide sophisticated cybersecurity solutions for Managed Security Service Providers (MSSPs), Managed Service Providers (MSPs), and Value-Added Resellers (VARs). Find out why you should partner with eSentire, the Authority in Managed Detection and Response, today.
Multi-Signal MDR with 300+ technology integrations to support your existing investments.
24/7 SOC-as-a-Service with unlimited threat hunting and incident handling.
Three MDR package tiers are available based on per-user pricing and level of risk tolerance.
The latest security advisories, blogs, reports, industry publications and webinars published by TRU.
Compare eSentire to other Managed Detection and Response vendors to see how we stack up against the competition.
See why 2000+ organizations globally have chosen eSentire for their MDR Solution.
As manufacturing processes integrate more deeply with digital technologies, the industry faces a dual challenge: increasing worker productivity by using smart technology and strengthening defenses against escalating cyber threats.
With the advent of smart manufacturing, industry leaders are connecting everything from supply chain management systems to assembly line robots to the cloud. This creates a complex network of unsecured devices that, if not monitored for malicious activity, can expose critical infrastructure to cyberattacks.
Based on threat research conducted by our Threat Response Unit (TRU) for the 2024 SMB Ransomware Readiness report, the manufacturing industry has been the most impacted industry for ransomware attacks from 2020-2023.
It’s no surprise then that a strong cybersecurity posture is as crucial as the sturdiest physical lock on the factory door. Manufacturers must take a holistic view of their cybersecurity programs, the limitations of their in-house cyber capabilities, and implement security protocols for every digital touchpoint, from employee email accounts to industrial control systems.
In this blog, we share the most common cyber threats impacting the manufacturing industry and recommendations on how you can protect your organization from these threats.
The attack surface has grown considerably for manufacturing organizations in recent years, driven largely by cloud migration, increasing number of edge devices, and reliance on remote desktop services. Personal smartphones, tablets, and laptops can provide convenient access points for employees but can also be easy targets for cybercriminals.
“The unfortunate side effect of this growth is it creates new opportunities for exploitation,” Spence Hutchinson, Staff Threat Intelligence Researcher at eSentire, says. “Cloud migration, edge devices, remote access services are all things that need to be configured and patched, and they unfortunately, creates exposure and opportunities for threat actors.”
Therefore, manufacturing businesses should consider implementing a zero-trust and least privilege approach to access management, to ensure that only authenticated, authorized users and devices can access network resources. In addition, organizations should also have cloud security posture management and cloud workload protection in place to secure the data stored in the cloud and remediate misconfigurations or policy violations.
The existence of initial access brokers – threat actors who sell unauthorized access to networks – represents a severe threat to manufacturers. These actors enable other cybercriminals without the skillset to gain initial access to deploy ransomware and other attacks by providing a ready means of entry.
TRU’s research has shown that the most common initial access vectors used to target the manufacturing industry are browser-based attacks, business email compromises, removable media, and valid credentials:
TRU’s research also dictates that cybercriminals are now turning to more subtle techniques to gain initial access into networks. They employ tactics such as malvertising, exploiting ad networks to deliver malware through legitimate websites, and watering hole attacks, where they compromise a site frequently visited by target users.
These sophisticated attacks can easily bypass traditional defenses, making security awareness training and robust threat response capabilities that can identify and block malicious behavior more critical than ever.
Although browser-based attacks are outpacing phishing emails, threat actors are still using business email compromises (BEC) and phishing emails disguised as typical business communications with subject lines like “Invoice” and “Shipping” to target unsuspecting manufacturing employees.
The best way to combat these threats is similar to browser-based attacks – that is, make sure your security awareness training for users is reliant on real-world scenarios so they know how to spot modern phishing emails.
Credential theft is an insidious threat because it allows attackers to masquerade as legitimate users, moving laterally across the network and accessing sensitive information.
Based on the Manufacturing Threat Intelligence report published by TRU, the majority of the intrusions observed against our manufacturing customers leveraged valid stolen credentials. These stolen credentials can be easily purchased on underground markets and are then used against remote access services or to exploit known unpatched vulnerabilities or zero-day exploits.
To combat this, manufacturers should implement robust password policies, require multi-factor authentication (MFA) for all user accounts, especially those with privileged access, and routinely audit accounts for unusual activity. Security leaders should also leverage identity-based threat detection and response to monitor and respond to anomalous user behavior. It’s also crucial to educate employees about the use of strong, unique passwords and the dangers of credential sharing.
While removable media devices (e.g., USBs) are convenient for transferring data, they remain a vector for malware to enter and spread across manufacturing systems. In fact, initial access worms such as Raspberry Robin, which often gain initial access through removable media, can be used to deploy malware that leads to ransomware intrusions.
Therefore, manufacturing organizations must implement policies that control the use of USBs and other removable media devices. These might include disabling USB ports where not needed, implementing strict controls over what devices can be connected, and establishing procedures for scanning all devices for threats before use. In addition, employee education is also critical, and all employees should be trained to understand the cyber risks associated with USB devices.
Ransomware attacks have become one of the most immediate and disruptive threats facing manufacturers today. These attacks can freeze production lines, lead to loss of intellectual property, and incur significant financial and reputational damage. One day of downtime alone can cost manufacturing organizations upwards of $221K USD.
Interestingly, the top industries found in Initial Access Broker auctions align closely with the top industries belonging to ransomware victims mentioned on data extortion leak sites, with manufacturing organizations significantly outnumbering organizations in other industries:
To combat this, manufacturers need more than just standard antivirus software; they require a multi-layered cyber defense strategy. This involves ongoing security monitoring, 24/7 threat detection and response capabilities with proactive threat hunting, and comprehensive backup strategies that include offsite and offline backups to ensure that operations can quickly resume after an attack with minimal loss.
Most manufacturing organizations rely on a highly interconnected environment of vendors, suppliers, and service providers to extend their capabilities and scale operations. Unfortunately, these third-party supply chain partners add considerable cyber risk for manufacturing organizations given that their privileged access adds potential entry points for cyberattacks.
“We spend a lot of time worried about our own networks when attackers may exploit someone else's network and then use it to gain access to yours,” Spence says. “Attackers know this, and there are a handful of underground services like fraud shops and auction sites where they can purchase credentials or network access into third-party providers.”
To manage this, manufacturers must establish a robust vendor risk management program, which includes conducting regular due diligence and security assessments of vendors, contractual agreements that mandate adherence to cybersecurity standards, and continuous monitoring of vendor activities.
By taking a proactive stance, manufacturers can identify and mitigate risks posed by third-party relationships, ensuring that the security of the supply chain is not compromised.
The interconnectedness of OT and IT systems in modern manufacturing has made OT environments more vulnerable to cyberattacks. While historically isolated, these systems are now in the crosshairs of cybercriminals.
In fact, according to the Dragos 2023 Year in Review report, approximately 70% of OT-related incidents originated from within the IT environment. What’s more is that 17% of organizations shared domain architecture between their IT and OT systems, which can enable cybercriminals to spread laterally between systems and escalate privileges to gain control.
Therefore, it’s clear that manufacturers should enforce strict network segmentation, ensuring that a breach in one part of the network cannot easily spread to OT systems. Additionally, investing in security platforms that provide visibility into both IT and OT systems can help detect and respond to threats quickly.
With clear strategies, continuous vigilance, and proactive measures, manufacturers can protect their operations, safeguard their data, and ensure that they remain resilient in the face of cyber threats.
By committing to ongoing education, investment in advanced defenses, and a culture that prioritizes cybersecurity, manufacturers can stand firm against the onslaught of cyber risks.
To learn how eSentire can help your manufacturing organization reduce your cyber risks and prevent service disruption, connect with an eSentire cybersecurity specialist now.
eSentire, Inc., the Authority in Managed Detection and Response (MDR), protects the critical data and applications of 2000+ organizations in 80+ countries, across 35 industries from known and unknown cyber threats by providing Exposure Management, Managed Detection and Response and Incident Response services designed to build an organization’s cyber resilience & prevent business disruption. Founded in 2001, eSentire protects the world’s most targeted organizations with 65% of its global base recognized as critical infrastructure, vital to economic health and stability. By combining open XDR platform technology, 24/7 threat hunting, and proven security operations leadership, eSentire's award-winning MDR services and team of experts help organizations anticipate, withstand and recover from cyberattacks. For more information, visit: www.esentire.com and follow @eSentire.