-
Resumen
Manufacturing is beset by external actors using password dumper malware and stolen credentials to hack into systems and steal data. While the majority of attacks are financially motivated, there was a respectable showing of Cyber-Espionage-motivated attacks in this industry as well. Internal employees misusing their access to abscond with data also remains a concern for this vertical.
Frecuencia
922 incidents, 381 with confirmed data disclosure
Top Patterns
Crimeware, Web Applications and Privilege Misuse represent 64% of breaches
Threat Actors
External (75%), Internal (25%), Partner (1%) (breaches)
Actor Motives
Financial (73%), Espionage (27%) (breaches)
Data Compromised
Credentials (55%), Personal (49%), Other (25%), Payment (20%) (breaches)
Top Controls
Boundary Defense (CSC 12), Implement a Security Awareness and Training Program (CSC 17), Data Protection (CSC 13)
Bad actors, bad actions, bad puns
It has been said that the proper study of mankind is Man(ufacturing), or at least we are pretty sure that is how the adage goes. We hope so at least, because we have been giving a lot of thought to that topic. The Manufacturing vertical is very well represented this year with regard to both incidents and breaches. As always when we see a large increase, it could be indicative of a trend or simply a reflection of our caseload. In this instance, it is certainly the latter.
However, NAICS 31—33 has long been a much-coveted target of cybercrime and this year is no exception. Whether it is a nation-state trying to determine what its adversary is doing (and then replicate it) or just a member of a startup who wants to get a leg up on the competition, there is a great deal of valuable data for attackers to steal in this industry. And steal it they do. The predominant means they employ for this theft falls under the Crimeware pattern, as shown in Figure 75. Namely, the Password dumper, Capture app data and Downloader varieties.
- 2020 DBIR
- DBIR Cheat sheet
- Introducción
- Summary of findings
- Results and analysis
- Incident classification patterns and subsets
- Industry analysis
- Accommodation and Food Services
- Arts, Entertainment and Recreation
- Construcción
- Educational Services
- Financial and Insurance
- Atención médica
- Información
- Fábricas
- Mining, Quarrying, Oil & Gas Extraction + Utilities
- Other Services
- Professional, Scientific and Technical Services
- Public Administration
- Real Estate and Rental and Leasing
- Retail
- Transportation and Warehousing
- Does size matter? A deep dive into SMB Breaches
- Regional analysis
- Wrap-up
- CIS Control recommendations
- Year in review
- Appendices (PDF)
- Corrections
- Download the full report (PDF)
Please provide the information below to view the online Verizon Data Breach Investigations Report.
Thank You.
Thank You.
Gracias.
You may now close this message and continue to your article.
