Behind the Breach: BEC Attacks in Manufacturing

The Gist:

Manufacturing companies have long been a prime target for fraud attacks, but as reported last week, attacks on manufacturers have increased by 8% just since Q1 of this year. In fact, in Q3 2024:

• 10% of emails in manufacturing were BEC, up from 2% in Q1 2024
• 27% of emails in manufacturing were malicious, the highest across all sectors
• 36% of BEC samples were crafted by generative AI

Manufacturers are targeted for several reasons:

• They manage thousands of suppliers and vendors, operate multiple Enterprise Resource Planning (ERP) and financial systems, and process millions of dollars in financial transactions and sensitive customer data. This makes them prize targets for schemes like business email compromise (BEC). 
• They hold valuable intellectual property and trade secrets, which cybercriminals seek to exploit. 
• The complexity of their supply chains creates multiple entry points for attackers, allowing them to infiltrate larger firms through vulnerabilities in smaller suppliers. 
• Many manufacturing systems were not designed with cybersecurity in mind, making them particularly vulnerable to sophisticated threats. 

‍

These factors — financial vulnerability, operational reliance on continuity, and historical underinvestment in cybersecurity — attract various types of fraud and cyberattacks in the manufacturing sector.

‍

The Latest:

Manufacturers are a prime target of BEC attacks, which now account for 58% of all phishing attempts. In August 2024, Orion, a chemical manufacturing company, lost $60 million in a BEC attack. Manufacturers are also targeted for other types of payment fraud. For example, Toyota Boshoku, a filter manufacturer, lost $37 million this year when a cybercriminal tricked an employee into changing bank account information for a wire transfer. 

‍

Trustmi’s Take:

‍AI is fueling more sophisticated payment fraud schemes, such as deepfakes and impersonations. Unfortunately, as of 2022, only 18% of manufacturers had comprehensive anti-fraud programs, and while in 2023, 62% reported plans to implement automation, this was not specific to fraud prevention measures. Until manufacturers take a stand, we expect the number of payment fraud attacks and monetary losses in this sector to rise. 

‍

To effectively combat BEC attacks, organizations need a multi-layered approach combining advanced AI-powered detection tools, regular employee training, and robust verification processes that go beyond simple call backs and account validation. To learn more about BEC attacks, visit https://www.trustmiprd-2025.local/blog/the-top-attacks-exposed-supply-chain-bec.