Manufacturers are a top target of cyberattacks – unauthorized attempts to gain access to electronic data such as account numbers, customer records, and part drawings. There are many types of cyberattacks, but here are ten types that manufacturers need to know about so that they can defend themselves.
Cross-Site Scripting (XSS)
Denial of Service (DoS)
Denial of service (DoS) attacks make a network resource unavailable to users. With websites, cyber attackers overload the site with illegitimate traffic so that users cannot perform legitimate tasks such as placing orders or finding product specifications.
Distributed Denial of Service (DDoS)
Distributed Denial of Service (DDoS) attacks use networked devices that are infected with malware to flood the bandwidth of a target system. These attacks can be global in nature since compromised devices are located around the world.
Drive-by attacks target insecure websites. Once hackers find a potential victim, they inject a malicious script into either the HTTP or PHP code of site pages. Becoming a victim may begin with visiting a compromised website or reading a malicious email and then clicking on a popup window.
Malware, or malicious software, refers to any harmful program or file. It’s an umbrella term that includes spyware, viruses, Trojan horses, logic bombs, and worms. Ransomware, a type of malware, lets an attacker hijack a network and encrypt files until a ransom is paid.
Man in the Middle (MitM)
Man in the Middle (MitM) attacks happen when a hacker gets between your network connection and a server. Cyber attackers can then observe, manipulate, or redirect your website traffic. They can also use their network access to decrypt and steal data.
Phishing and Spearphishing
Phishing and spearphishing both send fraudulent emails with clickable links that download malware or take you to a dangerous website. The difference is that phishing sends emails to a large number of recipients while spearphishing targets a single recipient.
Social Engineering Attacks
Social engineering uses psychological manipulation to trick users into performing actions or divulging information. It includes spearphishing and may involve email spoofing, which is the falsification of the “From” section of an email so that it appears to come from a trusted source. Social media is also an attack vector.
SQL Injection Attacks
SQL injection attacks insert malicious code into a structured query language (SQL) server, sometimes by submitting malicious script into a website search box. Typically, these attacks provide access to a secure database so that information can be added, changed, deleted, or encrypted.
There are three main types of password attacks: brute force, dictionary, and keyloggers
- Brute force attacks involve guessing your password.
- Dictionary attacks involve guessing at commonly used passwords.
- Keylogger attackers use programs to capture keystrokes to gain passwords.
For manufacturers, all of these cyberattacks are all-to-common. For defense manufacturers, the stakes are especially high when there’s the theft of controlled unclassified information (CUI).
Improve Your Cybersecurity with Help from NY MEP
The New York Manufacturing Extension Partnership (NY MEP) is helping New York State manufacturers to strengthen their cybersecurity. If your business is part of the supply chain for the U.S. Department of Defense (DoD), you can apply to join a free cohort that provides expert instruction valued at over $10,000.
Take the first step toward strengthening your cyber defense against the types of attacks you’ve read about in this article. Join the Cybersecurity Cohort.