惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

酷 壳 – CoolShell
酷 壳 – CoolShell
H
Hacker News: Front Page
P
Palo Alto Networks Blog
T
ThreatConnect
Apple Machine Learning Research
Apple Machine Learning Research
博客园_首页
T
True Tiger Recordings
P
Privacy & Cybersecurity Law Blog
B
Blog
IT之家
IT之家
Last Week in AI
Last Week in AI
F
Full Disclosure
Hacker News: Ask HN
Hacker News: Ask HN
C
Comments on: Blog
Microsoft Azure Blog
Microsoft Azure Blog
C
Cybersecurity and Infrastructure Security Agency CISA
Microsoft Security Blog
Microsoft Security Blog
博客园 - 【当耐特】
N
News and Events Feed by Topic
NISL@THU
NISL@THU
腾讯CDC
雷峰网
雷峰网
Security Latest
Security Latest
李成银的技术随笔
M
Microsoft Research Blog - Microsoft Research
L
LangChain Blog
L
Lohrmann on Cybersecurity
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
C
Check Point Blog
Y
Y Combinator Blog
Recent Announcements
Recent Announcements
博客园 - Franky
N
News | PayPal Newsroom
V
V2EX
A
About on SuperTechFans
The Register - Security
The Register - Security
月光博客
月光博客
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
Google Online Security Blog
Google Online Security Blog
MyScale Blog
MyScale Blog
Cisco Talos Blog
Cisco Talos Blog
Vercel News
Vercel News
WordPress大学
WordPress大学
C
Cyber Attacks, Cyber Crime and Cyber Security
The Hacker News
The Hacker News
IntelliJ IDEA : IntelliJ IDEA – the Leading IDE for Professional Development in Java and Kotlin | The JetBrains Blog
IntelliJ IDEA : IntelliJ IDEA – the Leading IDE for Professional Development in Java and Kotlin | The JetBrains Blog
爱范儿
爱范儿
A
Arctic Wolf
L
LINUX DO - 最新话题
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More

WeLiveSecurity

The quest for greater tech independence Why geopolitical turmoil is a gift for scammers, and how to stay safe FrostyNeighbor: Fresh mischief and digital shenanigans Eyes wide open: How to mitigate the security and privacy risks of smart glasses Fake call logs, real payments: How CallPhantom tricks Android users Fixing trivial passwords is as easy as 123456 A rigged game: ScarCruft compromises gaming platform in a supply-chain attack This month in security with Tony Anscombe – April 2026 edition The calm before the ransom: What you see is not all there is GopherWhisper: A burrow full of malware New NGate variant hides in a trojanized NFC payment app Ransomware’s back office: What the ransom note won’t say Why that next data breach alert could be a trap Supply chain dependencies: Have you checked your blind spot? Recovery scammers hit you when you’re down: Here’s how to avoid a ‘second strike’ As breakout time accelerates, prevention-first cybersecurity takes center stage Digital assets after death: Managing risks to your loved one’s digital estate This month in security with Tony Anscombe – March 2026 edition RSAC 2026 wrap-up – Week in security with Tony Anscombe A cunning predator: How Silver Fox preys on Japanese firms this tax season Virtual machines, virtually everywhere – but not all protected Cloud workload security: Mind the gaps Move fast and save things: A quick guide to recovering a hacked account EDR killers explained: Beyond the drivers Face value: What it takes to fool facial recognition Cyber fallout from the Iran war: What to have on your radar Sednit reloaded: Back in the trenches What cybersecurity actually does for your business How SMBs use threat research and MDR to build a defensive edge Protecting education: How MDR can tip the balance in favor of schools This month in security with Tony Anscombe – February 2026 edition Mobile app permissions (still) matter more than you may think Faking it on the phone: How to tell if a voice call is AI or not PromptSpy ushers in the era of Android threats using GenAI Is Poshmark safe? How to buy and sell without getting scammed Is it OK to let your children post selfies online? Naming and shaming: How ransomware groups tighten the screws on victims Taxing times: Top IRS scams to look out for in 2026 OfferUp scammers are out in force: Here’s what you should know A slippery slope: Beware of Winter Olympics scams and other cyberthreats This month in security with Tony Anscombe – January 2026 edition DynoWiper update: Technical analysis and attribution Love? Actually: Fake dating app used as lure in targeted spyware campaign in Pakistan Drowning in spam or scam emails lately? Here’s why ESET Research: Sandworm behind cyberattack on Poland’s power grid in late 2025 Children and chatbots: What parents should know Common Apple Pay scams, and how to stay safe Old habits die hard: 2025’s most common passwords were as predictable as ever Why LinkedIn is a hunting ground for threat actors – and how to protect yourself Is it time for internet services to adopt identity verification? Your information is on the dark web. What happens next? Credential stuffing: What it is and how to protect yourself This month in security with Tony Anscombe – December 2025 edition A brush with online fraud: What are brushing scams and how do I stay safe? Revisiting CVE‑2025‑50165: A critical flaw in Windows Imaging Component LongNosedGoblin tries to sniff out governmental affairs in Southeast Asia and Japan ESET Threat Report H2 2025 Black Hat Europe 2025: Was that device designed to be on the internet at all? Black Hat Europe 2025: Reputation is currency – even in the ransomware economy Locks, SOCs and a cat in a box: What Schrödinger can teach us about cybersecurity Seeking symmetry during ATT&CK® season: How to harness today’s diverse analyst and tester landscape to paint a security masterpiece The biggest catch: How whaling attacks target top executives Phishing, privileges and passwords: Why identity is critical to improving cybersecurity posture MuddyWater: Snakes by the riverbank Oversharing is not caring: What’s at stake if your employees post too much online This month in security with Tony Anscombe – November 2025 edition What parents should know to protect their children from doxxing Influencers in the crosshairs: How cybercriminals are targeting content creators MDR is the answer – now, what’s the question? The OSINT playbook: Find your weak spots before attackers do PlushDaemon compromises network devices for adversary-in-the-middle attacks What if your romantic AI chatbot can’t keep a secret? Can password managers get hacked? Here’s what to know Why shadow AI could be your biggest security blind spot In memoriam: David Harley The who, where, and how of APT attacks in Q2 2025–Q3 2025 ESET APT Activity Report Q2 2025–Q3 2025 Sharing is scaring: The WhatsApp screen-sharing scam you didn’t see coming How social engineering really works | Unlocked 403 cybersecurity podcast (S2E6) Ground zero: 5 things to do after discovering a cyberattack This month in security with Tony Anscombe – October 2025 edition Fraud prevention: How to help older family members avoid scams Cybersecurity Awareness Month 2025: When seeing isn't believing Recruitment red flags: Can you spot a spy posing as a job seeker? How MDR can give MSPs the edge in a competitive market Cybersecurity Awareness Month 2025: Cyber risk thrives in the shadows Gotta fly: Lazarus targets the UAV sector SnakeStealer: How it preys on personal data – and how to stay safe Cybersecurity Awareness Month 2025: Building resilience against ransomware Minecraft mods: When ‘hacking’ your game becomes a security risk IT service desks: The security blind spot that may put your business at risk Cybersecurity Awareness Month 2025: Why software patching matters more than ever AI-aided malvertising: How chatbots can help spread scams How Uber seems to know where you are – even with restricted location permissions Cybersecurity Awareness Month 2025: Passwords alone are not enough The case for cybersecurity: Why successful businesses are built on protection Beware of threats lurking in booby-trapped PDF files New spyware campaigns target privacy-conscious Android users in the UAE Cybersecurity Awareness Month 2025: Knowledge is power This month in security with Tony Anscombe – September 2025 edition
Manufacturing under fire: Strengthening cyber-defenses amid surging threats
2025-10-03 · via WeLiveSecurity

Business Security

Manufacturers operate in one of the most unforgiving threat environments and face a unique set of pressures that make attacks particularly damaging

03 Oct 2025  •  , 5 min. read

Manufacturing under fire: Strengthening cyber-defenses amid surging threats

Manufacturers face a unique mix of risk: they have an extremely low tolerance for downtime, they sit at the heart of extensive and often complex supply chains, and their competitive advantage is often built on high-value intellectual property (IP), including proprietary designs and trade secrets. That’s a combination that should be ringing alarm bells for IT and security leaders working in the sector.

Meanwhile, the nature of modern attacks has also become increasingly complex, sophisticated and relentless. Threat actors often combine technical exploits with social engineering and credential theft, and aim to remain undetected for long periods, gathering intelligence and mapping systems before striking.

A spate of high-profile ransomware breaches over recent years confirms the high stakes: digital extortionists have the sector well and truly in their crosshairs. In a sector that relies on precision, efficiency, and tight production schedules, even a few hours of downtime can ripple across the business and its network of partners, magnifying the impact.

However, this does not mean the only things standing between your company and a mega-breach are luck and time. As we mark Manufacturing Day, it’s a good time to reflect on the sector’s growing risk – and how it can be reduced to manageable levels by building resilience and detecting threats as early as possible.

Manufacturing in the crosshairs

According to IBM, the manufacturing sector was the most targeted worldwide over the past year. It accounts for a quarter (26%) of incidents the vendor’s incident responders were called to over the period, rising to 40% in APAC. Legacy technology, and particularly connected operational technology (OT) such as industrial control systems and robotics, has expanded the attack surface of many manufacturers. That provides plenty of opportunities for determined adversaries. Other key findings include:

  • Exploits of public facing apps, valid accounts and external remote services were the most common initial access vectors, highlighting how adversaries are exploiting misconfigured or otherwise insecure access points.
  • Server access (16%) and malware-ransomware (16%) were the most commonly observed actions, illustrating that operational disruption and financial extortion were the main goals of attackers.
  • Extortion, data theft, credential theft and reputational damage were the biggest impacts for breached manufacturers.

Separately, Verizon notes that confirmed breaches in the sector surged 89% annually in 2025, with SMBs with fewer than 1,000 employees accounting for more than 90% of breached organizations. Its analysis also reveals that a fifth of breaches were down to espionage-related motives, up from just 3% a year previously. Sensitive plans, reports and emails were the most frequently stolen data type, highlighting a risk to IP that goes beyond mere extortion. It could signify the presence of nation state actors or competitors keen to steal trade secrets.

That said, the presence of malware in manufacturing breaches increased from 50% to 66% over the period, attributable to ransomware and the preference for “System Intrusion” as the most common threat pattern. This refers to complex attacks that use “malware and/or hacking” to achieve their goals. It’s safe to say that manufacturers will continue to be firmly in the crosshairs of sophisticated adversaries.

For insights into how ESET's solutions can help manufacturers stay secure and resilient, explore this page.

Cautionary tales

Manufacturers don’t just have to keep an eye out for financially motivated cybercriminals. A recent campaign spotted by ESET targeted manufacturers as well as companies in other sectors. It was attributed to the RomCom group, which blends opportunistic campaigns and espionage efforts. This one exploited a zero-day vulnerability in WinRAR to covertly steal sensitive information, highlighting the sophistication of some threat actors targeting the sector.

Another word of warning comes via a 2023 breach at Clorox, which cost the cleaning product manufacturer tens of millions of dollars. The incident, which stemmed from a single vishing attack and set of credentials, impacted the firm for weeks, disrupting operations and its supply chain. The fact that it reportedly happened due to human error on the part of an IT outsourcer highlights the multilayered nature of cyber risk facing manufacturers.

Where MDR fits in

The question is how best manufacturers can absorb these cautionary tales in order to minimize cyber risk in their organization. The first step should be to build resilience via best practices such as multifactor authentication (MFA), prompt patching and data encryption. That’s the key to blocking initial access and preventing lateral movement where possible. But it’s not a silver bullet.

Manufacturers should also invest in continuous detection and response across their email, cloud, server, network and other environments. If yours is a large enterprise with enough budget, it may be able to do this via an in-house security operations (SecOps) team working from a security operations center (SOC) with XDR tooling.

But for many, especially the 90% of breached manufacturers with under 1,000 employees, the more sensible option may be to outsource to an expert managed detection and response (MDR) provider. A well-chosen MDR provider can deliver a range of capabilities faster and more cost-effectively than building them in-house, including:

  • 24/7/365 threat monitoring from an expert team
  • Reduced cost compared to the high capital and operational expense required to staff and maintain a SOC
  • Expert threat hunting to find the most sophisticated threats
  • Rapid detection, response and containment of threats to minimize financial, reputational and compliance risk
  • Improved financial and operational resilience by enabling the organization to continue production even after an attack
  • Surfaced insight to build resilience against similar future attacks

Building a mature SOC with 24/7 coverage, threat hunting, and forensic skills typically takes years and significant investment, whereas MDR providers bring an established stack and experienced team fast. The CapEx/OpEx expense of an in-house SOC and the specialized security expertise required to monitor converged environments is often prohibitive, especially for SMBs. Also, MDR playbooks emphasize containment and rapid recovery that aim to minimize production downtime, a critical metric for manufacturing. For many manufacturers, MDR provides the fastest, most cost-effective path to operational resilience.

Seconds count

Whether they’re after your IP, your customer data, or simply to cause maximum disruption with a view to extortion, when threat actors strike, the race is on to find and contain them. MDR can accelerate this process to provide the early warning you need to put incident response plans into action.

The continuous monitoring and awareness it provides across endpoints, network, and cloud environments also aligns neatly with a best-practice Zero Trust approach to cybersecurity. By combining the best of human expertise and advanced technology, MDR isn’t just worth a look for your business. It could also hold the key to securing your extended supply chain.

manufacturing-siege-eset-white-paper

此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。