The real economy, with manufacturing at its core, is the basis for maintaining national competitiveness and healthy economic development. Because countries around the world broadly recognize this, there are national-level strategic plans such as Germany’s Industry 4.0 strategy, the United States’ advanced manufacturing national strategy, and India’s national manufacturing policy. China has also put forward the Made in China 2025 plan, which takes “promoting the deep integration of informatization and industrialization as the main line, vigorously developing intelligent manufacturing, and building an industrial ecosystem and a new manufacturing model under the conditions of informatization” as a strategic task to promote the parallel development of Industry 2.0, Industry 3.0 and Industry 4.0.
In this context, global manufacturing enterprises are also facing increasing cyber risks. The old “island operation” no longer exists, the IT and OT boundaries have disappeared, and the application of new technologies has gradually blurred the boundaries of the network. The deployment of a large number of industrial Internet of Things devices, while adding system functions and improving production efficiency, has also brought many vulnerabilities, gradually expanding the exposed attack surface. At the same time, as ransomware has spread, major manufacturers have suffered varying degrees of loss. In June 2020, Honda was attacked by Snake ransomware and was forced to shut down car factories in the United States and Turkey and motorcycle production plants in India and South America.
Focusing on the manufacturing industry, this paper summarizes the common attack types against it and then gives protection suggestions.
Phishing attack
Phishing attacks remain the most popular cyberattack tool. To carry out more harmful attacks or actions, an attacker usually first needs to open the “door” into the target company, and phishing emails are the usual way to do so. For example, in 2016, an employee of the global solar panel manufacturer Xule received an email claiming to be from the CEO and asking for details of the company’s internal employees. The employee did not verify the email’s authenticity and sent the internal employee details to the “CEO”, who was in fact a cyber criminal. The employee was the victim of a phishing attack, which resulted in the disclosure of confidential company information and may be followed by more aggressive infiltration and attacks by criminals.
Similar phishing attacks also appeared in the 2015 blackout in Ukraine, where hackers delivered BlackEnergy 3 malware through phishing emails and successfully gained access to the power company’s industrial control network in subsequent attacks. After logging in to the SCADA system, they activated circuit breakers one by one to cut off power. The KillDisk malware was also used to delete important log files and master boot records, leaving plant employees unable to quickly restore power and perform subsequent analysis. At the same time, the hackers conducted DDoS attacks on the phone network, making it difficult for customers and plant employees to communicate with each other, and therefore difficult to find out what was going on and how to restore power. The phishing emails are as follows:
Common characteristics of phishing attacks:
Messages with malicious attachments;
Misspelled hyperlinks that differ from known sites;
An engaging title or content;
Abnormal email sender;
Urgent orders or to-do documents.
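The characteristics listed above can be checked mechanically during mail triage. The following is an added example, not part of the original article: a small Python heuristic that flags a lookalike sender domain, a lookalike link, a risky attachment type and an urgent subject. The trusted domain, extension list, keyword list, 0.85 similarity threshold and sample messages are all assumptions constructed for illustration.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr

# Assumed values for illustration; tune them to your own organisation.
TRUSTED_DOMAINS = ("example-solar.com",)
RISKY_EXT = (".exe", ".scr", ".js", ".vbs", ".docm", ".xlsm", ".iso", ".lnk")
URGENT = re.compile(r"\b(urgent|immediately|asap|overdue|action required)\b", re.I)

def lookalike(host):
    """Return the trusted domain that `host` imitates, or None."""
    # Simplification: treat the last two labels as the registrable domain.
    domain = ".".join(host.lower().split(":")[0].split(".")[-2:])
    if domain in TRUSTED_DOMAINS:
        return None
    for good in TRUSTED_DOMAINS:
        if SequenceMatcher(None, domain, good).ratio() >= 0.85:
            return good
    return None

def phishing_indicators(raw):
    """Map a raw RFC 5322 message to the characteristics it exhibits."""
    msg = message_from_string(raw)
    found = set()
    sender = parseaddr(msg.get("From", ""))[1]
    if lookalike(sender.rpartition("@")[2]):
        found.add("abnormal_sender")
    if URGENT.search(msg.get("Subject", "")):
        found.add("urgent_subject")
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXT):
            found.add("risky_attachment")
        elif part.get_content_type() in ("text/plain", "text/html"):
            body = part.get_payload(decode=True).decode("utf-8", "replace")
            if any(lookalike(h) for h in re.findall(r"https?://([^/\s\"'<>]+)", body)):
                found.add("lookalike_link")
    return sorted(found)

def constructed_sample(sender, subject, body, attachment=None):
    """Build a constructed test message (not a real phishing email)."""
    m = EmailMessage()
    m["From"], m["Subject"] = sender, subject
    m.set_content(body)
    if attachment:
        m.add_attachment(b"constructed", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_string()
```

A sender from an unrelated domain is not flagged by this sketch; it only catches near-misses of domains you list as trusted, so it complements rather than replaces SPF/DKIM/DMARC checks.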