As noted in the just-released Trustwave SpiderLabs report, 2025 Trustwave Risk Radar Report: Manufacturing Sector, modern manufacturing systems are increasingly interconnected, creating fertile ground for cybercriminals.
The report details the weaknesses attackers exploit in infrastructure, workers, and the digital supply chain. Among the various tactics observed, vulnerability exploitation stood out due to its prevalence and potential impact.
In 2023 alone, Trustwave SpiderLabs noted that manufacturing organizations faced 4,370 publicly exposed vulnerabilities, with nearly 3,843 deemed critical. Alarmingly, more than 3,500 of these were listed on the Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities (KEV) list. These vulnerabilities range from remote code execution flaws to privilege escalation and denial-of-service (DoS) threats.
Notable vulnerabilities include:
These examples highlight the many ways attackers can infiltrate manufacturing systems, potentially halting production and compromising sensitive data as a result.
While the threat landscape is complex, it is not insurmountable. Manufacturers can take decisive steps to reduce their exposure and strengthen their defenses.
First, establish a comprehensive vulnerability management program. This should include regular vulnerability scans, with prioritized patching of critical and high-severity vulnerabilities. One of the primary reasons patching is deferred in the manufacturing industry is the potential downtime it may bring to the production line.
Downtime can be avoided by testing patches in a non-production environment, and automated patching solutions can also accelerate the process.
Second, network security can be reinforced by deploying a network firewall, Intrusion Detection/Prevention Systems (IDS/IPS), and network segmentation. These measures help control traffic, block unauthorized access, and contain potential breaches.
Third, implement robust access controls. Multi-Factor Authentication (MFA) should be standard practice, along with the principle of least privilege and Role-Based Access Control (RBAC). Regularly review user permissions and promptly revoke access when necessary.
Cyberattacks in the manufacturing sector are becoming more frequent and sophisticated. By understanding the tactics employed by cybercriminals and adopting proactive security measures, manufacturers can better safeguard their operations and data. Trustwave remains committed to helping organizations navigate this evolving threat landscape and build resilient cybersecurity strategies.
The primary report is joined by two companion pieces that dig deeper into specific issues that Trustwave SpiderLabs is seeing in the sector. These are: