'Mishing' Attacks on the Rise in Manufacturing

Identifying and exposing these emerging threats to your mobile ecosystems.

Krishna Vishnubhotla
Nov 7, 2024
Smishing Attack Fran Rodriguez
iStock.com/Fran Rodriguez

No industry is immune to the insidious threat of mobile phishing โ€“ or โ€œmishingโ€ โ€“ attacks. The rise in these sophisticated mishing attacks is a wake-up call for those who hold the responsibility of securing their manufacturing organizationโ€™s infrastructure. If thatโ€™s you, then it should be a mission to identify these emerging threats, exposing cyber risk before it has a chance to wreak havoc on your businessโ€™s mobile ecosystems. The manufacturing industry presents unique security challenges, so letโ€™s take a look.

Mobile as a Force Driver in Manufacturing

Mobile devices and applications are now pervasive in the manufacturing industry, playing a critical role in driving efficiency, real-time data access, and operational accuracy. Most mobile devices in this sector are Corporate Liable (CL), meaning they are owned and managed by the organization to ensure robust security and compliance.

Due to Android's flexibility, cost-effectiveness, and compatibility with industrial applications, manufacturers rely heavily on Android-based devices, including rugged smartphones, tablets, handheld scanners and even wearables. These devices are purpose-built for demanding environments, supporting essential tasks like inventory tracking, equipment diagnostics, and quality checks. With mobile technology embedded into daily operations, manufacturers can reduce downtime, improve productivity, and ensure precise control over complex workflows.

A Forbes study revealed that factories experienced a 13 percent increase in sales within the first six months following the implementation of mobile applications to support operations. Additionally, a report highlighted that the widespread adoption of smartphones and tablets in manufacturing environments has led to faster access to critical information and improved problem-solving capabilities.

However this expansive mobile footprint in manufacturing introduces significant cybersecurity and operational risks. A 2023 report from Proofpoint showed that employees in manufacturing were among the most susceptible to phishing attacks compared to other industries, with click-through rates on phishing emails about 25 percent higher than average. Combine that with research from Zimperiumโ€™s recent Global Mobile Threat Report 2024, which found that 83 percent of phishing sites are designed for mobile, and you have a concerning gap in mobile security that leaves manufacturing organizations highly vulnerable.

Additionally, 80 percent of manufacturing employees are field workers operating outside traditional office spaces, often across diverse locations and networks. Most organizations provide these workers with corporate devices equipped with specialized third-party applications. The high susceptibility of manufacturing employees to social engineering and phishing scams presents a significant challenge for the industry. According to KnowBe4, 36 percent of employees in this sector are likely to fall victim to these attacks at any given time, exposing critical security vulnerabilities and increasing the risk of operational disruptions and data breaches.

Emerging Mobile Security Trends

Mishing (mobile phishing) remains a top risk manufacturing organizations must zero in on. In September, researchers at zLabs โ€“ the research arm of mobile security company Zimperium โ€“ released its 2024 Global Mobile Threat Report, which found that 82 percent of phishing sites now target mobile devices, highlighting cybercriminal adoption of a "mobile-first" attack strategy.

The success of mishing sites lies in their hit-and-run approach, where cybercriminals can launch deceptive domains rapidly, then have them disappear before they are ever detected, creating significant challenges for CISOs and their teams. The researchers found that around one-quarter of mobile phishing sites become operable less than 24 hours after their creation, launching malicious activities almost immediately.

The rise of platform vulnerabilities is another trend to watch out for. We witnessed a surge in identified Common Vulnerabilities and Exposures (CVEs) in 2023 among both Android and iOS. The zLabs research team detected 1,421 CVEs in Android devices tested, representing a 58 percent increase from 2022. Sixteen of these vulnerabilities were exploited in the wild, which means they were exploited within the real world, rather than test environments. With Androids the main device used by employees in manufacturing, this is a risk that cannot be ignored.

Enterprises often use third-party applications on their employeesโ€™ work devices. Although simplifying the need for building an application in-house, they are now faced with third-party app supply chain issues, another emerging trend to be aware of. These apps need to be vetted for security, privacy, and compliance to protect sensitive enterprise and customer data.

Three questions to ask about third-party work apps if your organization uses them include:

  • Where is my enterprise data going?
  • Is the app asking for dangerous permissions?
  • Does the app have secure storage & communication?

Best Practices to Address These Trends

  1. Manufacturing organizations should leverage on-device detection techniques to identify mobile phishing domains before they are clicked on. You should also implement systems that update URL blocking and filtering in real-time, minimizing the window during which sites can be accessed.
  2. Multi-Factor Authentication is a crucial step in enhancing security, but it is not a silver bullet. While MFA adds an additional layer of protection, attackers are constantly evolving their methods to bypass it. MFA works and significantly reduces the risk of unauthorized access. However, it is most effective when combined with other security measures. Organizations need to attest mobile devices and not send One-Time Passcodes (OTPs) to compromised devices.
  3. Training employees to recognize phishing attempts, malicious apps, and insecure networks on their mobile devices goes a long way, often farther than you may think.

According to research from Ontinue, the Manufacturing & Industrial sectors experienced an intense rise in cyberattacks in the first half of 2024, accounting for 41 percent of cyber incidents. This was a large increase of 105 percent, which sat at only 20 percent in 2023. Manufacturing organizations need a proactive approach to their mobile security strategy to protect their operations.

Latest in Cybersecurity
Industrial Media Unboxing Video
Sponsored
Industrial Media Unboxing Video
October 9, 2024
Computer Crime Concept 516607038 2125x1416 (1)
AI-Fueled Attacks are Exposing The Soft Underbelly of Email
November 7, 2024
Robot Working With Digital Display 686690190 2124x1415 (1)
The Hidden Dangers: Protecting Our Robotic Workforce
November 7, 2024
Smishing Attack Fran Rodriguez
'Mishing' Attacks on the Rise in Manufacturing
November 7, 2024
Related Stories
Ransomware
Cybersecurity
Report Shows Ransomware is Still the Leading Cyber Threat, Despite Shakeups
Computer Crime Concept 516607038 2125x1416 (1)
Cybersecurity
AI-Fueled Attacks are Exposing The Soft Underbelly of Email
Robot Working With Digital Display 686690190 2124x1415 (1)
Cybersecurity
The Hidden Dangers: Protecting Our Robotic Workforce
Security Breach Podcast
Sponsor Content
Security Breach Podcast
More in Cybersecurity
Industrial Media Unboxing Video
Sponsored
Industrial Media Unboxing Video
IEN Unboxed is a new show in which our editors unbox new tools on the market and discuss their features.
October 9, 2024
Computer Crime Concept 516607038 2125x1416 (1)
Cybersecurity
AI-Fueled Attacks are Exposing The Soft Underbelly of Email
AI is learning how to bypass security mechanisms as email struggles to keep pace with evolving cyberattacks.
November 7, 2024
Robot Working With Digital Display 686690190 2124x1415 (1)
Cybersecurity
The Hidden Dangers: Protecting Our Robotic Workforce
Despite their role in improving production processes, the cybersecurity of robots is a critical concern.
November 7, 2024
A cybersecurity shield logo.
Cybersecurity
DARPA Taps RTX to Strengthen Cyber Resiliency
RTX BBN Technologies to develop compartmentalization tool that prevents escalation of cyberattacks.
November 7, 2024
Ep121
Cybersecurity
Security Breach: Threat Landscape Update
Our Army of experts offers intel on recent ransomware, malware, phishing and embedded software attacks.
November 7, 2024
Computer Crime Concept 516607038 2125x1416 (1)
Cybersecurity
Research Finds 80% of Manufacturers Have Critical Vulnerabilities
Some manufacturers are 3.4 times more likely to experience a ransomware attack.
October 30, 2024
Data Center
Cybersecurity
Meeting the Demands of AI Computing
Eaton's latest offering focuses on the physical dynamics of larger, AI-computing data centers.
October 31, 2024
Protection Background Technology Security 524882074 701x502 (1)
Cybersecurity
CISA Offers Manufacturing Software Guidance, Key Vulnerability Updates
The agency continues to share vital updates and seek feedback on new cyber initiatives.
October 31, 2024
Ep117tn
Cybersecurity
Security Breach: The Little Things That Kill
Simple tasks continue to be the biggest challenges, but "training like you fight" offers solutions.
October 31, 2024
Industrial Cyber
Cybersecurity
More Than Half Unable to Track Sensitive Content
A new report spotlights the need for enhanced security and compliance strategies.
October 31, 2024
Automobile Cockpit, Various Information Monitors And Head Up Displays
Cybersecurity
Safeguarding Connected Cars from Cyber and Privacy Threats
It goes beyond protecting the vehicle and owner, to ensuring the entire connected ecosystem is secure.
October 30, 2024
Robot Programmer
Cybersecurity
Adversarial Machine Learning: AI and ML Beware
NIST published details about a type of cyberattack unique to AI systems where attackers can โ€œpoisonโ€ data that might be used by AI systems.
October 24, 2024
Manufacturing Infrastructure Cyber
Cybersecurity
OT Solutions Address Growing Industrial Threats
Powered by AI, Palo Alto's latest update is focused on remote operations and critical OT assets.
October 24, 2024
Ransomware
Cybersecurity
Meshing Cybersecurity into M&A Activity
Traditional security approaches are not ideally suited for such transactions, but a solution has been developed.
October 24, 2024
Ep116 V2
Cybersecurity
Security Breach: Preventing Phishing Attacks 'Not Rocket Science'
The seven pieces of the phishing puzzle and a Goldilocks strategy for improving defenses.
October 24, 2024