'Mishing' Attacks on the Rise in Manufacturing

Identifying and exposing these emerging threats to your mobile ecosystems.

Smishing Attack Fran Rodriguez
iStock.com/Fran Rodriguez

No industry is immune to the insidious threat of mobile phishing – or “mishing” – attacks. The rise in these sophisticated mishing attacks is a wake-up call for those who hold the responsibility of securing their manufacturing organization’s infrastructure. If that’s you, then it should be a mission to identify these emerging threats, exposing cyber risk before it has a chance to wreak havoc on your business’s mobile ecosystems. The manufacturing industry presents unique security challenges, so let’s take a look.

Mobile as a Force Driver in Manufacturing

Mobile devices and applications are now pervasive in the manufacturing industry, playing a critical role in driving efficiency, real-time data access, and operational accuracy. Most mobile devices in this sector are Corporate Liable (CL), meaning they are owned and managed by the organization to ensure robust security and compliance.

Due to Android's flexibility, cost-effectiveness, and compatibility with industrial applications, manufacturers rely heavily on Android-based devices, including rugged smartphones, tablets, handheld scanners and even wearables. These devices are purpose-built for demanding environments, supporting essential tasks like inventory tracking, equipment diagnostics, and quality checks. With mobile technology embedded into daily operations, manufacturers can reduce downtime, improve productivity, and ensure precise control over complex workflows.

A Forbes study revealed that factories experienced a 13 percent increase in sales within the first six months following the implementation of mobile applications to support operations. Additionally, a report highlighted that the widespread adoption of smartphones and tablets in manufacturing environments has led to faster access to critical information and improved problem-solving capabilities.

However this expansive mobile footprint in manufacturing introduces significant cybersecurity and operational risks. A 2023 report from Proofpoint showed that employees in manufacturing were among the most susceptible to phishing attacks compared to other industries, with click-through rates on phishing emails about 25 percent higher than average. Combine that with research from Zimperium’s recent Global Mobile Threat Report 2024, which found that 83 percent of phishing sites are designed for mobile, and you have a concerning gap in mobile security that leaves manufacturing organizations highly vulnerable.

Additionally, 80 percent of manufacturing employees are field workers operating outside traditional office spaces, often across diverse locations and networks. Most organizations provide these workers with corporate devices equipped with specialized third-party applications. The high susceptibility of manufacturing employees to social engineering and phishing scams presents a significant challenge for the industry. According to KnowBe4, 36 percent of employees in this sector are likely to fall victim to these attacks at any given time, exposing critical security vulnerabilities and increasing the risk of operational disruptions and data breaches.

Emerging Mobile Security Trends

Mishing (mobile phishing) remains a top risk manufacturing organizations must zero in on. In September, researchers at zLabs – the research arm of mobile security company Zimperium – released its 2024 Global Mobile Threat Report, which found that 82 percent of phishing sites now target mobile devices, highlighting cybercriminal adoption of a "mobile-first" attack strategy.

The success of mishing sites lies in their hit-and-run approach, where cybercriminals can launch deceptive domains rapidly, then have them disappear before they are ever detected, creating significant challenges for CISOs and their teams. The researchers found that around one-quarter of mobile phishing sites become operable less than 24 hours after their creation, launching malicious activities almost immediately.

The rise of platform vulnerabilities is another trend to watch out for. We witnessed a surge in identified Common Vulnerabilities and Exposures (CVEs) in 2023 among both Android and iOS. The zLabs research team detected 1,421 CVEs in Android devices tested, representing a 58 percent increase from 2022. Sixteen of these vulnerabilities were exploited in the wild, which means they were exploited within the real world, rather than test environments. With Androids the main device used by employees in manufacturing, this is a risk that cannot be ignored.

Enterprises often use third-party applications on their employees’ work devices. Although simplifying the need for building an application in-house, they are now faced with third-party app supply chain issues, another emerging trend to be aware of. These apps need to be vetted for security, privacy, and compliance to protect sensitive enterprise and customer data.

Three questions to ask about third-party work apps if your organization uses them include:

  • Where is my enterprise data going?
  • Is the app asking for dangerous permissions?
  • Does the app have secure storage & communication?

Best Practices to Address These Trends

  1. Manufacturing organizations should leverage on-device detection techniques to identify mobile phishing domains before they are clicked on. You should also implement systems that update URL blocking and filtering in real-time, minimizing the window during which sites can be accessed.
  2. Multi-Factor Authentication is a crucial step in enhancing security, but it is not a silver bullet. While MFA adds an additional layer of protection, attackers are constantly evolving their methods to bypass it. MFA works and significantly reduces the risk of unauthorized access. However, it is most effective when combined with other security measures. Organizations need to attest mobile devices and not send One-Time Passcodes (OTPs) to compromised devices.
  3. Training employees to recognize phishing attempts, malicious apps, and insecure networks on their mobile devices goes a long way, often farther than you may think.

According to research from Ontinue, the Manufacturing & Industrial sectors experienced an intense rise in cyberattacks in the first half of 2024, accounting for 41 percent of cyber incidents. This was a large increase of 105 percent, which sat at only 20 percent in 2023. Manufacturing organizations need a proactive approach to their mobile security strategy to protect their operations.

More in Cybersecurity