
cyber-security

Article 01.15.2023 Dean Dorton

The manufacturing industry faces challenges and risks that are distinct from those of any other industry. Because manufacturing is a vital spoke in the global economy and an essential input to many other industries, risks to manufacturers tend to have a much larger ripple effect. Left unaddressed, they can lead to operational and financial losses throughout the economy, not to mention damage to a company's reputation. Manufacturers should be aware of the basic and evolving risks they face and take appropriate steps to mitigate them.

Some key risks include:

  • Supply chain constraints
  • Attracting and retaining quality workforce
  • Cyber security threats
  • Inflation


Our team of manufacturing specialists has put together the following risk overview so you can explore the risks to the manufacturing industry in detail and look for opportunities for growth as we move through 2023.

Supply Chain Constraints
Parts/materials difficult to find/long lead times.
  • Acquire logistics companies or develop in-house logistics operations, which gives greater supply chain visibility and higher quality while reducing shipping cost and time through a more streamlined logistics network
  • Consider new suppliers and sourcing options
  • Relationship management
Attracting & Retaining Quality Workforce
Labor challenges experienced through a shrinking pool of applicants, aging workforce and shortage of highly skilled workers.
  • More favorable working conditions including pay increases and flexible work arrangements
  • Diversity, Equity & Inclusion (DEI) approach to attract more women and racially and ethnically diverse groups
  • Manufacturing companies today have a hard time finding employees who will show up and be on time for work and stick with their jobs
  • Considerable void when it comes to skills and experience – Manufacturers need to work with schools and universities in their communities to ensure that manufacturing focused subjects are being well promoted and taught
Cyber Security
Cyber security incidents across manufacturing companies are on the rise.
  • Potential effects of a network intrusion include a shutdown of operations, theft of sensitive customer information, or theft of sensitive banking information
  • Educating employees to recognize phishing attempts is paramount to a successful cyber security program
Technology
Technology continues to evolve with endless possibilities.
  • Take ERP to the Cloud
  • Data analysis predictive maintenance and use of data analysis to identify anomalies in equipment performance
  • Data decision making around sourcing, production, fulfillment, cost reduction.
  • Controls around Artificial Intelligence
  • Autonomous vehicles in warehouses to move materials and product
  • Robots will change the economics of manufacturing with less time focused on low cost labor positions
Environmental, Social, Governance (ESG)
A sustainability mind-set becomes more of a focal point.
  • Complete visibility throughout supply chain for own compliance and that of their suppliers
  • Manage waste
  • Increase supplier diversity
  • Smart buildings
  • Electrifying fleets
Product as a Service (PaaS)
Diversifying revenue sources has become more important in establishing an indefinite future.
  • Manufacturers lease equipment to customers and offer subscription-based value-added services
  • Collect equipment usage data from customers
Inflation
Manufacturers have to build higher-priced materials into their budgets and determine how much to raise prices to customers to absorb these cost increases.
  • Producer price inflation for goods other than food and energy slowed to an annualized 4.2% in the three months ending in December 2022 from 11.5% in the three months ending in April 2022. (Reuters)
  • Manufacturing payrolls increased at an annualized rate of 1.6% in the three months ending in December, down from annualized growth of 5.5% in the three months ending in April. (Reuters)
Possible Recession
Managing through a potential slowdown in the economy will be a focal point of 2023.
  • Sixty-two percent of manufacturers expect the U.S. economy to enter a recession in 2023, according to a survey conducted by the National Association of Manufacturers


Filed Under: Industries, Manufacturing & Distribution, Risk Management, Services Tagged With: cyber-security, Manufacturing, opportunities, Risk, risk assessment, supply chain, Technology, workforce

Article 09.7.2022 Dean Dorton

Recent years have seen a dramatic increase in the number of publicly accessible web applications. As more organizations have expanded their internet presence, web application attacks have become increasingly profitable for threat actors, and widely exploited vulnerabilities such as Log4Shell in Log4j have brought more intense scrutiny to web applications. If your organization hosts business-critical applications or allows customers to access their data through the web, it is no longer sufficient to rely on traditional external security assessments alone.

Why network testing is not enough

While traditional external vulnerability testing may include some light unauthenticated web application scanning, automated scanning cannot be relied upon to validate the security of web applications in the same way that it can be for network and host vulnerabilities. Every web application is unique, and automated scanning tools lack the context to catch many vulnerabilities. The only effective way to test web applications involves manual testing, supplemented with the targeted use of automated tools.

Testing only from an unauthenticated context is also a problem. According to Verizon's Data Breach Investigations Report covering 2021, around 80% of web application breaches that year were attributed to stolen credentials rather than the exploitation of technical vulnerabilities, up from roughly 50% in 2017. The increase can be attributed to two attack methods: phishing and credential stuffing.

Phishing continues to be a major and successful vector for stealing credentials. Despite improvements in detection and response capabilities, threat actors continue to find success with it. Credential stuffing leverages large sets of usernames and passwords, usually stolen in earlier data breaches and sold on the dark web.

An attacker takes these credential sets and uses automated tools to try them against a wide array of websites, looking for accounts where the user reused the same username and password combination. Because both methods give the attacker authenticated access to the application, any security testing must also be performed from an authenticated perspective: a test that stops at the login page never sees the attack surface these attackers reach.
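The two patterns above leave different footprints in authentication logs, and telling them apart determines the response (reset the accounts that got in versus block the source). The detector below is an added example written for this article, not code from the original post; the log format, addresses, usernames and thresholds are constructed assumptions to adapt to your own identity provider or web server logs:

```python
"""Telling credential stuffing apart from password brute force in auth logs.

Added example for this article, not code from the original page. The log
format, IP addresses and usernames are constructed for illustration; adapt
LINE_RE to your identity provider's or web server's authentication log.
"""
import re
from collections import defaultdict

# Constructed sample log: <timestamp> <source IP> <username> <SUCCESS|FAIL>
SAMPLE_LOG = """\
2022-09-07T10:00:01Z 203.0.113.10 alice@example.com FAIL
2022-09-07T10:00:02Z 203.0.113.10 bob@example.com FAIL
2022-09-07T10:00:02Z 203.0.113.10 carol@example.com FAIL
2022-09-07T10:00:03Z 203.0.113.10 dave@example.com SUCCESS
2022-09-07T10:00:03Z 203.0.113.10 erin@example.com FAIL
2022-09-07T10:00:04Z 203.0.113.10 frank@example.com FAIL
2022-09-07T10:00:05Z 198.51.100.7 alice@example.com FAIL
2022-09-07T10:00:06Z 198.51.100.7 alice@example.com FAIL
2022-09-07T10:00:07Z 198.51.100.7 alice@example.com FAIL
2022-09-07T10:00:08Z 198.51.100.7 alice@example.com FAIL
2022-09-07T10:00:09Z 198.51.100.7 alice@example.com FAIL
2022-09-07T10:00:10Z 198.51.100.7 alice@example.com FAIL
2022-09-07T10:01:00Z 192.0.2.44 grace@example.com SUCCESS
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (SUCCESS|FAIL)$")


def parse(log_text):
    """Return a list of (timestamp, ip, user, result) tuples; unparsable lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append(m.groups())
    return events


def classify_sources(events, min_attempts=5, stuffing_ratio=0.8):
    """Label each source IP by the shape of its login activity.

    Credential stuffing tries one leaked password per account, so a single
    source touches many distinct usernames with few attempts each. A password
    brute force hammers one username with many guesses. The thresholds are
    assumptions for the example; tune them to your own traffic.
    """
    per_ip = defaultdict(lambda: {"attempts": 0, "users": set()})
    for _ts, ip, user, _result in events:
        per_ip[ip]["attempts"] += 1
        per_ip[ip]["users"].add(user)

    verdicts = {}
    for ip, stats in per_ip.items():
        if stats["attempts"] < min_attempts:
            verdicts[ip] = "normal"
        elif len(stats["users"]) / stats["attempts"] >= stuffing_ratio:
            verdicts[ip] = "credential_stuffing"
        elif len(stats["users"]) == 1:
            verdicts[ip] = "password_brute_force"
        else:
            verdicts[ip] = "suspicious"
    return verdicts


def compromised_accounts(events, verdicts):
    """Accounts that logged in successfully from a source judged to be stuffing.
    Those are the sessions to revoke and the passwords to reset."""
    return sorted({user for _ts, ip, user, result in events
                   if result == "SUCCESS" and verdicts.get(ip) == "credential_stuffing"})


if __name__ == "__main__":
    ev = parse(SAMPLE_LOG)
    v = classify_sources(ev)
    for ip, verdict in v.items():
        print(f"{ip:15} {verdict}")
    print("reset:", compromised_accounts(ev, v))
```

On the sample, 203.0.113.10 touches six different accounts in four seconds and gets one success (a stuffing run that found a reused password), while 198.51.100.7 makes six attempts against a single account (a brute force). The distinction matters because a stuffing success from a clean IP with a correct password looks like a normal login to the application itself; only the source-level view catches it.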

How to perform an authenticated web application assessment

When evaluating whether your web application assessment is sufficiently comprehensive, a good resource is the Open Web Application Security Project (OWASP) Top 10. OWASP gathers data on web application vulnerabilities and breaches and compiles the most common categories. The current list was updated in late 2021 and includes the following categories, from most to least prevalent:

  1. Broken Access Control
  2. Cryptographic Failures
  3. Injection
  4. Insecure Design
  5. Security Misconfiguration
  6. Vulnerable and Outdated Components
  7. Identification and Authentication Failures
  8. Software and Data Integrity Failures
  9. Security Logging and Monitoring Failures
  10. Server-Side Request Forgery

If your organization is hosting externally accessible web applications that store sensitive data, it is important to ensure that your security assessment methodology is covering at least the areas covered in the OWASP Top 10.

Penetration testing can cover the majority of the OWASP Top 10 categories. The goal of the penetration test is to identify vulnerabilities from an external perspective using manual testing supported by targeted automated tools. The test should be performed from a white-box or grey-box perspective, where the tester is given access to the application and at least two accounts for each role, so that access control can be tested both between users of the same privilege level (horizontal) and between users of different privilege levels (vertical). In a white-box engagement the tester may also be given the application's source code. In either case, the tester should be provided with information about the application's architecture and the software suites and tools in use on the back end, so testing can be aimed at how the application is actually built.
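The access control testing described above is mechanical enough to script. The harness below is an added example, not the firm's or the article's tooling: it simulates a small target application in-process (the endpoints, accounts and their bugs are constructed) and replays each request the baseline user can make as an unauthenticated client, as another user of the same role and as a lower-privileged user, flagging any context that receives the same 200 response the baseline got.

```python
"""Differential access-control testing across user roles (added example).

This is not the article's code. A small target application is simulated
in-process so the harness runs offline; on a real engagement the `app`
function is replaced by an HTTP client that replays each recorded request
with the cookie or token of the session under test.
"""

# Constructed test accounts: two per role, as the article recommends, so both
# horizontal (same role) and vertical (lower role) access can be exercised.
SESSIONS = {
    "alice": {"role": "user"},
    "bob": {"role": "user"},
    "ann": {"role": "admin"},
    "art": {"role": "admin"},
}
RANK = {"user": 0, "admin": 1}
INVOICES = {"1001": {"owner": "alice", "total": 120},
            "1002": {"owner": "bob", "total": 75}}


def app(path, session):
    """Constructed target application. Returns (status, body)."""
    user = SESSIONS.get(session)
    if user is None:
        return 401, "login required"
    if path.startswith("/api/invoices/"):
        inv = INVOICES.get(path.rsplit("/", 1)[1])
        if inv is None:
            return 404, "not found"
        return 200, f"invoice total {inv['total']}"   # BUG: no ownership check (IDOR)
    if path.startswith("/api/profile/"):
        who = path.rsplit("/", 1)[1]
        if who != session and user["role"] != "admin":
            return 403, "forbidden"                    # correct: owner or admin only
        return 200, f"profile of {who}"
    if path == "/api/admin/export":
        return 200, "all customer records"             # BUG: checks login, not role
    if path == "/api/admin/users":
        if user["role"] != "admin":
            return 403, "forbidden"                    # correct: role enforced
        return 200, ", ".join(SESSIONS)
    return 404, "not found"


def differential_test(app, baseline, paths, sessions=SESSIONS):
    """Replay every path the `baseline` session can read as each other context.

    `paths` maps a path to "owned" (data belonging to the baseline user; any
    other same-role account seeing it is a horizontal finding) or "shared"
    (legitimately visible to the whole role; only lower-privileged and
    unauthenticated contexts are tested). A finding is any context that gets
    the same 200 response body the baseline received.
    """
    findings = []
    base_rank = RANK[sessions[baseline]["role"]]
    for path, scope in paths.items():
        status, body = app(path, baseline)
        if status != 200:
            continue
        for ctx in [None] + [s for s in sessions if s != baseline]:
            s2, b2 = app(path, ctx)
            if s2 != 200 or b2 != body:
                continue
            if ctx is None:
                kind = "unauthenticated access"
            elif RANK[sessions[ctx]["role"]] < base_rank:
                kind = "vertical (privilege escalation)"
            elif RANK[sessions[ctx]["role"]] == base_rank and scope == "owned":
                kind = "horizontal (same role, other user's data)"
            else:
                continue   # an equal role reading shared data, or a higher role, is expected
            findings.append((path, ctx, kind))
    return findings


def run_demo():
    """Run the harness from a normal user's and an admin's baseline."""
    user_findings = differential_test(app, "alice", {
        "/api/invoices/1001": "owned",
        "/api/profile/alice": "owned",
    })
    admin_findings = differential_test(app, "ann", {
        "/api/admin/export": "shared",
        "/api/admin/users": "shared",
    })
    return user_findings + admin_findings


if __name__ == "__main__":
    for path, ctx, kind in run_demo():
        print(f"{kind:45} {path} as {ctx}")
```

The "owned" versus "shared" label is the part that needs a human: a report endpoint every admin can read is not a finding when a second admin reads it, whereas one user's invoice is. That scoping information comes from the architecture walkthrough with the developers, which is why the text asks for it up front.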

Why penetration testing is not enough

Not every area of the OWASP Top 10 can be covered sufficiently by a penetration test, so the testers should also meet with the developers to discuss Insecure Design, Software and Data Integrity Failures, and Security Logging and Monitoring Failures. These areas cannot be fully observed from an external perspective (a tester cannot see whether a failed login was logged or how the build pipeline verifies its dependencies), so a collaborative review should be used to ensure coverage.

With this combined approach you gain reasonable assurance that your application resists the most prevalent web application vulnerabilities in the current threat landscape and that your users' data is protected.


Gui Cozzi
Cybersecurity Practice Lead
gcozzi@ddaftech.com • 859.425.7649

Filed Under: Cybersecurity, Services, Technology Tagged With: Cyber, cyber-security, Cybersecurity, Log4j, OWASP, security assessments, web applications

Article 07.21.2022 Dean Dorton

Let’s start with the basics: What is ‘callback phishing’?

Callback phishing is a specific type of email threat. The attacker impersonates a business and claims that a transaction has been made using the recipient's information (credit card, bank account number, address, etc.). The email then tries to get the recipient to 'confirm' or dispute the fake transaction by calling a bogus customer support line or by submitting confidential information to validate it. The goal is to collect specific, sensitive information from the recipient, such as credit card numbers and bank account details.

Dean Dorton’s Cyber Security Team has observed callback phishing attacks that impersonate PayPal, McAfee, CrowdStrike, etc., but there are countless companies that could be impersonated in this type of attack and attacks of this nature are on the rise.

Below are two examples of callback phishing attacks:

PayPal Callback Phishing Example:

https://deandorton.com/wp-content/uploads/2022/07/Callback-phishing-image-1.png

CrowdStrike Callback Phishing Example:

https://deandorton.com/wp-content/uploads/2022/07/callback-phishing-example-2.png

Callback phishing emails are unique in the way they often bypass email filters. Since they do not include malicious links or attachments with malware, email filters typically won’t catch them, so it’s important to be able to spot the general warning signs on your own.

Dean Dorton’s Cyber Security Team has a few tips to help you spot this kind of cyber attack:

  1. Review the sender. Check that the email actually comes from the company it claims to represent. Sender addresses can be spoofed, so this is not foolproof, but it is a good first step in the investigation. For example, the PayPal email shown above was sent from a personal Gmail address.
  2. Ask yourself what the email wants you to do. If the language is trying to convince you to act, especially with a sense of urgency, that is a red flag. In the examples above the attacker wants you to call back; in other cases they may try to convince you to click a fraudulent link. Be diligent before clicking any link in an email, and never call a phone number you cannot verify: if you think the transaction might be real, look up the company's support number on its own website rather than using the number in the message.
  3. If you are skeptical, ask for help. If after your initial investigation you are still not sure, contact your IT team to dig further. Remember, raising a false alarm is much better than setting off a real one.
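The three checks above can be partly automated at the mail gateway or in a triage script. The heuristic below is an added example, not the firm's tooling: it parses a message with Python's standard email library, compares the brand named in the From display name against an assumed list of that brand's real sending domains, and looks for the callback signature the article describes (a phone number and urgency language with no links). The sample emails, phone number and brand-to-domain mapping are constructed for illustration.

```python
"""Heuristic triage for callback phishing (added example, not the firm's code).

BRAND_DOMAINS is an assumed, deliberately small mapping; maintain your own.
Both sample messages, including addresses and the phone number, are constructed.
"""
import re
from email import message_from_string
from email.utils import parseaddr

BRAND_DOMAINS = {
    "paypal": {"paypal.com"},
    "crowdstrike": {"crowdstrike.com"},
    "mcafee": {"mcafee.com"},
}
PHONE_RE = re.compile(r"(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")
URL_RE = re.compile(r"https?://\S+", re.I)
URGENCY = ("within 24 hours", "immediately", "unauthorized",
           "will be charged", "call us", "call now")

SAMPLE_EMAIL = """\
From: "PayPal Billing" <billing.notice.8821@gmail.com>
To: victim@example.com
Subject: Your PayPal transaction was completed
Content-Type: text/plain; charset=utf-8

A payment of $499.99 was charged to your account for a Norton subscription.
If you did not authorize this transaction, call us immediately at (888) 555-0142
within 24 hours to cancel the order.
"""

BENIGN_EMAIL = """\
From: "Example Corp Support" <support@example.com>
To: victim@example.com
Subject: Your monthly statement is ready
Content-Type: text/plain; charset=utf-8

Your statement for August is available at https://portal.example.com/statements.
Questions? Reply to this email.
"""


def plain_text(msg):
    """Concatenate the decoded text/plain parts of a parsed message."""
    parts = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True) or b""
            parts.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(parts)


def sender_matches_brand(sender_domain, domains):
    """True if the sending domain is one of the brand's domains or a subdomain of one."""
    return any(sender_domain == d or sender_domain.endswith("." + d) for d in domains)


def assess(raw_message):
    """Return the indicators found; 'suspicious' when two or more are present."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    body = plain_text(msg)
    haystack = f"{display} {msg.get('Subject', '')} {body}".lower()

    reasons = []
    # Tip 1: the brand in the display name should match the sending domain.
    for brand, domains in BRAND_DOMAINS.items():
        if brand in haystack and sender_domain and not sender_matches_brand(sender_domain, domains):
            reasons.append(f"claims to be {brand} but was sent from {sender_domain}")
    # Tip 2: a callback lure carries a phone number and, typically, nothing to click.
    phones = PHONE_RE.findall(body)
    if phones and not URL_RE.search(body):
        reasons.append("phone number present but no links (callback lure)")
    hits = [w for w in URGENCY if w in haystack]
    if hits:
        reasons.append("urgency language: " + ", ".join(hits))

    return {"sender_domain": sender_domain, "phones": phones,
            "reasons": reasons, "suspicious": len(reasons) >= 2}


if __name__ == "__main__":
    for label, raw in (("sample", SAMPLE_EMAIL), ("benign", BENIGN_EMAIL)):
        print(label, assess(raw))
```

A message scoring as suspicious is still handed to a person (tip 3); the heuristic exists to surface messages that carry no URL or attachment and therefore sail past link- and attachment-based filtering, which is exactly the gap the article points out.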

Dean Dorton's Technology team is here to help. If you have questions about callback phishing attacks, or want to discuss how we can help protect your business with cyber security services, contact us today.

Jordan Johnson
Cyber Security Consultant
jjohnson@ddaftech.com • 859.425.7659

Filed Under: Cybersecurity, Services, Technology Tagged With: callback, Cyber, cyber-security, emails, links, malicious, phishing, security, Web

Article 06.3.2022 Dean Dorton

Phishing attacks have been around for years. You know the story: a threat actor tries to trick an unsuspecting user into clicking a link or opening a malicious attachment that installs malware, or sends them to a malicious site that harvests their email credentials or attacks their device. The tactic is still common because, unfortunately, it still works. But as more organizations rely on stronger email filtering and better end-user awareness training, they are less susceptible to the basic versions of these attacks. Enter the evolution of more sophisticated and clever tactics.

“But this domain is safe!”

Threat actors are using clever strategies to get past even the best email filters. One is to host the link to their malicious site or attachment on a common, legitimate domain: Google Drive, ShareFile, OneDrive, Box, Dropbox, Adobe InDesign and the like. These services are legitimate and give users a quick way to share files with one another, which is exactly why reputation-based scanning in an email filter usually will not categorize the initial link as malicious: the link itself is not. The following screenshots show this in action.

Initial Email Example:

https://deandorton.com/wp-content/uploads/2022/05/1.png

In this example, a threat actor gained unauthorized access to the mailbox of a sender the recipient trusted and used it to send an email containing a link to open a document. Because it came from a trusted sender, the recipient opened the file; they had no reason to assume the link was malicious. The link then led to the following:

Ind.adobe.com site hosting the malicious file:

https://deandorton.com/wp-content/uploads/2022/05/2.png

In our example, once the user proceeded to this point, they realized something was off and reported the email to the IT team; however, if they had proceeded on to the next step, they would have received the following:

Malicious Site:

https://deandorton.com/wp-content/uploads/2022/05/3.png

There it is! The true purpose of the email was to harvest email credentials. An unsuspecting user could have been successfully phished here, and it was all because the initial link was hosted on a legitimate service. This is not the only variety of these emails and certainly will not be the last, which leaves us with more questions.

So what can we do?

A few different strategies can help defend against phishing attacks of this kind:

  1. Never assume that an email is safe just because it came from a trusted sender that you communicate with regularly.  Threat actors are engaging in reply-chain attacks, where they gain unauthorized access to an account and then start replying to emails posing as the hacked user. When in doubt, contact the sender out-of-band (phone call, preferably) to verify the email.
  2. Make end user awareness training a priority. An end user is any organization’s first line of defense! A well-trained staff can bring attacks to a halt. Ensure that your users are provided with regular security training and that they are informed of the latest threats. Ensure that they are trained to review the address bar for any site that is asking them for email credentials. If it’s not a Microsoft (or whatever email system you may be using) domain, then that is a red flag. It is also helpful to periodically test the effectiveness of the training by sending out phishing simulations.
  3. Use multi-factor authentication (MFA). In a scenario like the one above, even if a threat actor harvested email credentials, they would still have to satisfy the second factor before they could act on their objectives, provided MFA was enabled for the account. It is a cybersecurity best practice to enable MFA on all externally facing systems, with email among the highest priorities. Note that some phishing kits proxy the real login page and relay one-time codes in real time, so prefer phishing-resistant methods such as FIDO2 security keys or passkeys where your identity provider supports them.
  4. Block uncategorized websites in your web filtering solution and/or firewall. Threat actors spin up thousands of domains per day and these are often categorized as, “uncategorized,” where filtering solutions are not sure if they are malicious or not. Blocking these outright could help stop attacks in which the malicious site is uncategorized.
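Tip 2 asks users to review the address bar, and the point worth demonstrating is that "the familiar name appears somewhere in the URL" is not the check a browser performs. The example below is added for this article and is not the firm's code: `naive_check` is the substring test a hurried user applies, and `check_login_url` extracts the host the way the browser does, so a lookalike suffix, a userinfo trick (`login.microsoftonline.com@...`) and a non-HTTPS page are all rejected. LOGIN_HOSTS is an assumed allowlist and the URLs are constructed.

```python
"""Checking the address bar the way a browser does, not the way a user does.

Added example for this article, not code from the original page. LOGIN_HOSTS
is an assumed allowlist of hosts permitted to prompt for the organisation's
email credentials; replace it with your own identity provider's hosts.
"""
from urllib.parse import urlsplit

LOGIN_HOSTS = {"login.microsoftonline.com", "login.live.com"}


def naive_check(url):
    """What a hurried user does: look for the familiar name anywhere in the URL.
    Shown only to contrast with check_login_url; do not use it."""
    return "microsoftonline.com" in url.lower()


def host_allowed(host, allowlist):
    """Exact match or a true subdomain of an allowed host. The leading dot in
    the suffix test is what keeps 'login.microsoftonline.com.evil.example' out."""
    host = host.lower().rstrip(".")
    return any(host == h or host.endswith("." + h) for h in allowlist)


def check_login_url(url, allowlist=LOGIN_HOSTS):
    """Return 'allow' or a 'block: ...' reason for a page asking for credentials."""
    parts = urlsplit(url)
    host = parts.hostname or ""   # .hostname drops userinfo, port and brackets
    if parts.scheme.lower() != "https":
        return "block: credential prompt not served over https"
    if not host:
        return "block: no host in URL"
    if not host_allowed(host, allowlist):
        return f"block: {host} is not an approved login host"
    return "allow"


# Constructed URLs exercising the cases that fool the substring check.
CASES = [
    "https://login.microsoftonline.com/common/oauth2/v2.0/authorize",
    "https://login.microsoftonline.com.account-verify.example/",
    "https://login.microsoftonline.com@198.51.100.23/signin",
    "http://login.microsoftonline.com/common/",
]

if __name__ == "__main__":
    for u in CASES:
        print(f"naive={naive_check(u)!s:5} {check_login_url(u):60} {u}")
```

All four constructed URLs pass the naive substring test and only the first passes the host check. Internationalized lookalike domains are shown by browsers as punycode (`xn--...`) hosts, which fail the allowlist for the same reason. This is a triage and training aid for the address-bar habit the article recommends, not a substitute for the web filtering in tip 4.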

If any of the tips above have given you pause and you would like to know where your security posture stands, please contact Dean Dorton’s team of cybersecurity professionals for assistance.

Jordan Johnson
Cyber Security Consultant
jjohnson@ddaftech.com • 859.425.7659

Filed Under: Cybersecurity, Healthcare, Industries, Services, Technology Tagged With: Cyber, cyber-security, emails, links, malicious, phishing, security, Web

Article 03.24.2016 Dean Dorton

Are your defenses as resilient as your digital ambitions?

Digitization – creating business value through digitized assets and expanded connectivity – is increasing exposure to cyber attacks. As a result, cyber-risk strategies are under the microscope.

New threat intelligence and trend analysis in the Cisco 2016 Annual Security Report explains advances by the security industry and by criminals. Gain insights into how to effectively combat these threats with increased collaboration, communication, and coordination, and by investing for resilience. You’ll also learn how your security peers assess the state of security preparedness in their organizations.

Report highlights include:

  • How industry efforts have crippled major attacks
  • Shifts in tactics by cybercriminals to make money
  • Expert insights into top vulnerabilities
  • How adaptive, integrated solutions can quicken time to detection
  • An update about the state of enterprise security preparedness

Cisco 2016 Annual Security Report: Achieving Attack Resilience in a Digital Age

Contact Jason Miller (jmiller@ddaftech.com) or David Rice (drice@ddaftech.com) for more information.



Filed Under: Cybersecurity, Services, Technology Tagged With: attack, Cisco, Cyber, cyber-security, David Rice, defense, digitiz, Jason Miller, Risk, security


The matters discussed on this website provide general information only. The information is neither tax nor legal advice. You should consult with a qualified professional advisor about your specific situation before undertaking any action.

© 2025 Dean Dorton Allen Ford, PLLC. All Rights Reserved
