Guide – Manufacturing Email Security

By Ron Samson Jr

Email Security Best Practices for Manufacturers

Manufacturing is the 2nd most attacked industry, right behind healthcare, and in most cases manufacturers are the least prepared. With email being the top delivery method for these attacks, it must be a focus of attention for security. Attackers may have a myriad of goals, but the one definite fact is that if they succeed in their attack, it will be expensive, it will damage your reputation, and if enough intellectual property is stolen, it will have long-term impacts on the viability of your business.

  • One North Carolina manufacturer lost $270,000 per hour due to a cyberattack on their IT systems.
  • Merck has revealed, in its third quarter 2017 earnings report, that the manufacturing disruptions related to the cyber-attack that happened earlier in the year led to $135 million in lost sales. 1
  • The cost to manufacturing and other sectors from a single ransomware variant, WannaCry, exceeded $1 billion in a single two-week period.

WannaCry, which commonly entered through malicious email links and attachments, revealed one of the manufacturing sector’s biggest weaknesses: It was based on a virus that was created by the US National Security Agency to defeat Iranian uranium enrichment machinery. Most attacks were so successful because the software in many manufacturing devices was never updated.

Threats and Motivations

Unlike other types of cybercrime, the primary motivation of manufacturing attacks is not to extort money or simply cause havoc, but to steal trade secrets. Intellectual property theft appears to be the motive in over 90% of all attacks on manufacturing facilities.

Very often, the point of entry for malware that is seeking to steal information is an email. It works like this:

  1. A phishing email is received by a machinist on their lunch break, at a workstation that has access to much of the manufacturing infrastructure. They open an attachment that appears to be from a colleague and, unknown to them, a new variant of malware is installed on their machine.
  2. Poorly secured or outdated manufacturing equipment is connected to this same workstation so that it can be easily controlled. The malware locates vulnerabilities within these unpatched devices and is able to spread through them and gain control and access to any information stored on them.
  3. Since the malware is now present throughout all these devices, it is likely easy for it to probe around on the network and locate any valuable information.

A Chinese hacking group, called Bronze Butler, stole ideas from Japanese manufacturers from 2012 to 2018 until it was discovered.

Some other motivations for cyberattacks on manufacturers include:

  • Money – Some attacks are simply to extort a ransom. The entire system, including the machines on the manufacturing floor, will be stopped for hours or days while the company decides how to handle the ransom demand.
  • Nation-state terrorism – One type of attack that has been in the news lately is the attack carried out by a nation attempting to destroy or handicap another country’s infrastructure. Even something as simple as changing the traffic lights will wreak havoc. Taking control of an entire electrical grid or the Air Traffic Control system would be devastating.
  • Self-promotion – In some cases, it’s vanity, but some groups, like Bronze Butler, are a business. They steal secrets and sell them. If you’re a manufacturer attempting to use stolen secrets, knowing who attacked a company is a great way to learn where you can get secrets to work with without having to steal them yourself.

Cyber threats that enter via email

Phishing – Most types targeting manufacturers seek to exploit users by pretending to be a source that they trust. Nation states commonly will use phishing to bypass other network prevention measures. There are over a dozen different variants, some seeking monetary gain, while others may try to get the recipient to click a link which contains malware.

Ransomware – Hidden within attachments and links in email, this is a major threat to productivity, data and reputation. It seeks to encrypt data and demand a ransom payment, usually in bitcoin, to get your data back. A network-wide ransomware attack can hold data hostage and cost thousands to recover from.

Malware – Contained within malicious URLs and attachments, it seeks to get onto the company network to steal information. Malware in email is the most effective way for bad actors to infiltrate a network without being caught.

Challenges

There are a number of places in a manufacturing facility where concerns can arise.

Mission critical planning – With manufacturing as complex as it is these days, there is little room for any form of delay from downtime, especially of your email. You need automatic email continuity in place that allows your users to continue working when your email is down and even alerts you by SMS when there is an issue with your mail server or provider. ContentCatcher has an emergency inbox, hosted in our online portal, for all users.

The Internet of Things (IoT) – Every device, from your CNC machine to your printer, is linked to the network via wired or even wireless connections. If you’re able to hack the CNC machine controller, you have a toehold into the entire network. A hacker can ride the link directly to the parts that they are seeking to get to. Email is a top delivery tool for these types of threats.

Industrial control systems – Replacing equipment is expensive and not every device is designed to be used with the latest internet software. Industrial control systems tend to be outdated, hard to protect and, often, simply unprotected. Nonetheless, well-meaning management will seek to connect them to the internet to make them easier to work with and to be better able to track volumes, etc.

Interconnected networks – Throughout a large factory, there may be different networks all linked to a central hub. Once one part of the network is breached through a targeted email to the right contact with access, it is often fairly easy for bad actors to spread throughout the entire network and even to suppliers.

Lack of IT staff – The average manufacturer has only one IT staffer for every 200 people. That makes that one staffer responsible for overseeing all of the vulnerabilities of the systems and the actions of 200 people. Keeping up with email security issues along with dozens of other daily demands is just not able to be done in the most effective manner due to time limitations. An advanced cloud-based email security system like ContentCatcher eases the burden of email by removing any on-site appliances and offering full support that users can rely on when IT staff is unavailable or has questions.

Best Practices for Email Security

Protecting your email needs to be a top priority, especially given how expensive a single event can be. There are a number of things that you can do to secure your email:

Security Awareness Training – Users are the last line of defense when other prevention systems fail. They need to be aware of the latest threats and suspicious of incoming emails. After a few months of training, most manufacturers see a drastic decrease in the propensity of their users to fall victim to email attacks.

URL Defense

Many threats, such as the examples mentioned above, start with a malicious link. To keep users from reaching a malicious destination, links should be scanned dynamically at the moment they are clicked.

Attachment Defense

Since malicious attachments pose such a threat and can be tough to identify, they need to be ‘detonated’ before reaching your inboxes. This means they are opened in a system emulation environment to see what they do. Attachments containing ransomware, for example, will show certain behaviors like searching for drives to encrypt.

Data Loss Prevention

Scan all outbound emails for sensitive information like credit card numbers, social security numbers, and hundreds of other categories.

Email Encryption

In the instances when transmitting secure information is required, it should be done securely.

Email Archiving

Keeping a record of all inbound and outbound email correspondence including attachments is invaluable for any type of breach related to email. It gives you great visibility into what actually occurred including the attachments that were opened.

Implement NIST Framework – The National Institute of Standards and Technology has implemented a recommended framework for manufacturers. The framework can help to prevent issues by creating a national standard of practices and methods for all manufacturers. The complete report is available at this link: https://nvlpubs.nist.gov/nistpubs/ir/2017/NIST.IR.8183.pdf.

Conclusion

Manufacturers represent a lucrative and easy-to-attack frontier for cybercriminals. The long-term effects of industrial espionage, not to mention damage to reputations, etc. can cost billions over the course of years. Advanced email security is inexpensive relative to the cost of a breach and needs to be in place as it is your first line of defense against email, the top attack vector.