Advanced Persistent Threats: Protecting German Manufacturing with Managed Detection and Response

Advanced Persistent Threats, or APTs, are prolonged, stealthy intrusions in which a well-resourced adversary establishes a foothold in a network and stays there to reach valuable data. To put the challenge Germany and others face into scope, look no further than the growth of the APT protection market.

The Advanced Persistent Threat Protection market will reach $14.6 billion by 2025, with a CAGR of 16.1% from 2020 to 2025.

The market for cybersecurity solutions designed to address APT attacks is growing because the threat continues to expand across all industrial sectors and countries. Ransomware, denial-of-service (DoS) attacks and intellectual property theft are among the outcomes APT campaigns pursue, not the vectors they arrive through.

ForeNova, a global provider of managed detection and response (MDR) services, understands the growing problem of APTs targeting high-value industries in Germany. These APTs focus on valuable data, with intellectual property theft as a primary goal.

German manufacturing firms look to MDR providers like ForeNova for help with 24/7 monitoring, automated incident response, and greater observability of APT threats.

Interested in learning more about ForeNova’s NovaMDR platform offering?


Impact of APTs on the Manufacturing Sector in Germany

Bitkom put the cost of theft of IT equipment, data breaches, espionage and sabotage in Germany at 206 billion euros ($224 billion) for 2023, the third year in a row above 200 billion euros, according to its survey of more than 1,000 companies.

State-sponsored cyberattacks against high-value German manufacturing are second only to industrial espionage, and both continue to grow in complexity and sophistication.

Behind those attack vectors sit automated kill chains that increasingly use adversarial AI tooling. These kill chains combine several coordinated attacks, including:

  • Distributed Denial of Service against edge architectures, including web portals, zero-trust gateways and SASE instances.
  • Targeted email attacks against manufacturing site managers, production teams and operations groups, which are very common.

Ransomware attacks on German manufacturing, most of them delivered by phishing email, continue to rise, with the end goal of extorting the firm, shutting down critical production systems or redirecting global supply orders to the wrong suppliers.

The kill chain also includes social engineering, physical intrusion and the constant risk of insider threats.

Rise in Insider Threats Within Manufacturing

Manufacturing firms face a double hit: a network user with legitimate access can exfiltrate crucial data, and the investigation that follows disrupts operations and slows production while the company works out what was taken.

Dealing with State-Sponsored APT Groups

State-sponsored attacks add another dimension to the attack surface. China, Russia, North Korea, Iran and Vietnam are among the nation-states known to sponsor APT groups, and financially motivated groups operating from Nigeria, South Africa and elsewhere add to the global picture.

APT groups funded by nation-states present several challenges for cybersecurity teams across all industries. Most of these groups are well-funded, have access to state-sponsored research and tooling, and draw on a talent pool within their countries' military and intelligence services.

MuddyWater

This Iranian group, attributed by the U.S. and its partners to Iran's Ministry of Intelligence and Security, is widely known for targeting the energy and defense industries, among others. It is a separate group from APT34 (OilRig), another Iranian actor with which it is often confused.

Fancy Bear (APT28)

Active since at least 2004, this Russian group, attributed to the GRU military intelligence service, targets manufacturing, government and critical infrastructure in the United States and Germany.

Chinese hacker group APT27

This group, also tracked as Emissary Panda, has targeted German companies in sectors such as pharmaceuticals and technology and has stolen valuable intellectual property.

APT31: Judgment Panda

This Chinese state-sponsored group, also tracked as Zirconium, conducts cyber espionage in support of national interests, using spear-phishing, custom malware and zero-day exploits against governments, businesses and political entities worldwide.

Judgment Panda has targeted U.S., German and Hong Kong political figures as well as critical infrastructure and industrial manufacturing.

Which Manufacturing Industries in Germany Remain the Highest Value Targets for Hackers?

Historically, intrusion groups focused on stealing money directly: financial fraud through email phishing and ransomware extortion.

The APT groups that concentrate on German manufacturing do so because operational disruption, intellectual property theft and extortion of a production company are far more profitable.

Manufacturers hit by unplanned production outages face financial losses of between $900 and $17,000 per minute. The same cyberattacks also cause downstream problems in the supply chain that feeds the manufacturing process.

Attackers targeting high-value manufacturing may plant malware on user devices, host-based application platforms and robotic control units. These implants go unnoticed because most of these devices and hosts receive infrequent software updates and little security monitoring.

In most cases the foothold that allowed the implant to be placed was an email phishing campaign.

Automotive

Like other German manufacturing firms, the German automotive industry continues to experience various cyberattacks against its employees, supply chain partners, and networks.

The Volkswagen data breach exposed the personal information of 800,000 EV customers. Volkswagen has also suffered intellectual property theft: in 2015, hackers compromised nearly 19,000 documents relating to its research and development projects, yet the company did not report the incident until 2024.

Chemical

Two former employees of Lanxess, a chemicals manufacturer, stole intellectual property, including trade secrets about a new generation of reactor used in its chemical production.

The buyers of these trade secrets included a Chinese company that planned to use the stolen information to build a competing plant against Lanxess.

Machinery

Nation-state hackers and hacktivists globally target manufacturing businesses like VARTA.

In February 2024, attackers breached VARTA AG's systems. The company shut down its IT systems and halted production as a precaution, disrupting global battery output and its supply chain, and confirmed about two weeks later that it had been a targeted cyberattack.

Pharmaceutical

In 2022 the BfV, Germany's domestic intelligence agency, warned that APT27, a Chinese group known for attacking Western government agencies, was targeting German pharmaceutical and technology companies.

“Besides stealing trade secrets and intellectual property, the hackers tried to penetrate customers’ and service providers’ networks to infiltrate several companies simultaneously.”

Researchers also found a new extortion group, Morpheus, active since December 12, 2024, claiming to have compromised Arrotex Pharmaceuticals (Australia) and PUS GmbH (Germany) through data theft.

The Role of Managed Detection and Response (MDR)

MDR providers like ForeNova are critical in preventing APT groups from succeeding. ForeNova's expertise in proactive monitoring, observability, automated incident response and threat modeling helps protect clients from a wide range of cyberattacks.

NovaMDR, ForeNova's service, ingests log data from endpoint devices, Microsoft 365 and other sources. Using AI and ML, NovaMDR processes the data in real time to detect attacks quickly. This quick reaction, combined with log processing and automated incident response, helps contain a ransomware attack at its earliest signs, such as deletion of backups and shadow copies or a burst of file renames, before encryption spreads.

NovaMDR's ability to act on these early signs also reduces the human cost of incident response. Organizations that use firms like ForeNova can redirect staff to other parts of the organization.

Benefits of Implementing MDR in Manufacturing

NovaMDR fits several manufacturing use cases. Automotive manufacturers seeking to comply with TISAX can use NovaMDR to monitor the critical cybersecurity controls protecting the supply chain connections and applications that the standard requires.

Chemical manufacturers in Germany could also use NovaMDR to monitor the intrusion prevention tools, firewalls and email systems that protect the Internet-of-Things (IoT) devices controlling chemical distribution, environmental controls and flow control systems, since those devices are what attackers target.

German machinery firms migrating to Industry 5.0 robotics and automation controls could benefit from having ForeNova monitor these devices. Ransomware operators attempt to take over the computer control units of these automated tools, which can shut down operations entirely. NovaMDR's real-time log processing and automated incident response can protect a machinery firm's production line systems from such attacks.

Like other German manufacturing firms, pharmaceutical companies continue to transform their research platforms globally by promoting greater interconnection and collaboration. This transformation carries an inherent risk: organizations working together on treatments for AIDS and COVID-19 become targets for intellectual property theft by insiders, who may be contractors, disgruntled employees or even competitors.

NovaMDR's processing of endpoint and Microsoft 365 logs helps determine whether someone is copying valuable data to a USB drive (visible in endpoint telemetry) or using email to send files outbound (visible in the Microsoft 365 audit log).
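The signals described above, ransomware precursors in endpoint telemetry and insider exfiltration through removable media or external email, can be made concrete. The following is an added example and not ForeNova's or NovaMDR's code: a small rule set in Python run over constructed endpoint and Microsoft 365 events. The host names, user names, the internal domain example-werke.de, the event schema and the thresholds are all assumptions; real endpoint agents and the Microsoft 365 Unified Audit Log use their own field names, and USB writes are only visible to an endpoint agent, never to mail logs alone.

```python
"""Added example (not ForeNova or NovaMDR code): rule-based triage over constructed
endpoint and Microsoft 365 audit events, approximating the early-warning signals
described in the text: recovery tampering and mass renames (ransomware), and
removable-media writes and large external emails (insider exfiltration)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed internal mail domain of a fictitious manufacturer; any other domain is external.
INTERNAL_DOMAINS = {"example-werke.de"}
# Command-line fragments ransomware commonly runs to destroy recovery points before encrypting.
RECOVERY_TAMPERING = ("delete shadows", "shadowcopy delete", "recoveryenabled no", "delete catalog")
# Extensions a legitimate rename burst (e.g. a CAD export) may produce; these are not counted.
BENIGN_EXTENSIONS = (".docx", ".xlsx", ".pdf", ".csv", ".dwg", ".step")


def _ts(event):
    return datetime.fromisoformat(event["ts"])


def recovery_tampering_alerts(events):
    """Single-event rule: a process start whose command line matches a recovery-tampering fragment."""
    return [{"rule": "recovery_tampering", "host": e["host"], "cmdline": e["cmdline"]}
            for e in events if e["source"] == "endpoint" and e["type"] == "process_start"
            and any(sig in e["cmdline"].lower() for sig in RECOVERY_TAMPERING)]


def mass_rename_alerts(events, window=60, threshold=20):
    """Windowed rule: one host renaming `threshold` or more files to a non-benign extension
    within `window` seconds, the file-system signature of encryption in progress."""
    alerts, per_host = [], defaultdict(list)
    for e in events:
        if (e["source"] == "endpoint" and e["type"] == "file_rename"
                and not e["new_path"].lower().endswith(BENIGN_EXTENSIONS)):
            per_host[e["host"]].append(e)
    for host, renames in per_host.items():
        renames.sort(key=_ts)
        start = 0
        for end, r in enumerate(renames):  # sliding window over sorted timestamps
            while _ts(r) - _ts(renames[start]) > timedelta(seconds=window):
                start += 1
            if end - start + 1 >= threshold:
                alerts.append({"rule": "mass_rename", "host": host, "count": end - start + 1,
                               "extension": r["new_path"].rsplit(".", 1)[-1]})
                break  # one alert per host is enough to open a case
    return alerts


def removable_media_alerts(events):
    """Single-event rule: a file written to removable media, as flagged by the endpoint agent."""
    return [{"rule": "removable_media_write", "host": e["host"], "user": e["user"], "path": e["path"]}
            for e in events if e["source"] == "endpoint" and e["type"] == "file_write" and e.get("removable")]


def external_email_alerts(events, min_attachment_bytes=5_000_000):
    """Single-event rule over Microsoft 365 mail audit records: a send to an external
    recipient carrying a large attachment."""
    alerts = []
    for e in events:
        if e["source"] != "m365" or e["type"] != "Send":
            continue
        external = [r for r in e["recipients"] if r.rsplit("@", 1)[-1].lower() not in INTERNAL_DOMAINS]
        if external and e["attachment_bytes"] >= min_attachment_bytes:
            alerts.append({"rule": "external_email_attachment", "user": e["user"],
                           "recipients": external, "bytes": e["attachment_bytes"]})
    return alerts


def triage(events):
    """Run every rule and return the alerts an analyst would see, ransomware signals first."""
    return (recovery_tampering_alerts(events) + mass_rename_alerts(events)
            + removable_media_alerts(events) + external_email_alerts(events))


def constructed_events():
    """Constructed sample telemetry (not real data) covering all four rules plus benign noise."""
    t0 = datetime(2025, 3, 4, 2, 15, 0)

    def at(seconds):
        return (t0 + timedelta(seconds=seconds)).isoformat()

    ev = [{"source": "endpoint", "type": "process_start", "host": "hmi-03", "user": "SYSTEM",
           "ts": at(0), "cmdline": "vssadmin.exe Delete Shadows /All /Quiet"}]
    # 25 renames to .locked on hmi-03 within 25 seconds: encryption in progress.
    ev += [{"source": "endpoint", "type": "file_rename", "host": "hmi-03", "user": "SYSTEM",
            "ts": at(1 + i), "new_path": f"C:\\Recipes\\batch_{i}.xlsx.locked"} for i in range(25)]
    # Three benign renames on an engineering workstation: benign extension and below threshold.
    ev += [{"source": "endpoint", "type": "file_rename", "host": "eng-12", "user": "a.schmidt",
            "ts": at(5 + i), "new_path": f"D:\\CAD\\part_{i}.step"} for i in range(3)]
    ev += [{"source": "endpoint", "type": "file_write", "host": "eng-12", "user": "a.schmidt",
            "ts": at(40), "path": "D:\\CAD\\part_0.step", "removable": False},
           {"source": "endpoint", "type": "file_write", "host": "eng-12", "user": "a.schmidt",
            "ts": at(41), "path": "E:\\formulations_2025.zip", "removable": True},
           {"source": "m365", "type": "Send", "user": "a.schmidt@example-werke.de", "ts": at(90),
            "recipients": ["qa@example-werke.de"], "attachment_bytes": 120_000},
           {"source": "m365", "type": "Send", "user": "a.schmidt@example-werke.de", "ts": at(95),
            "recipients": ["contact@competitor-mail.example"], "attachment_bytes": 12_500_000}]
    return ev


if __name__ == "__main__":
    for alert in triage(constructed_events()):
        print(alert)
```

The mass-rename rule is the one worth tuning: the window and threshold decide whether a legitimate batch export looks like encryption, which is why benign extensions are excluded and why a single alert per host is raised rather than one per file. On real telemetry the benign list and the internal domain set come from the environment, not from a constant.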

Why ForeNova?

Germany has some of the world’s most advanced manufacturing techniques. However, over two-thirds of German companies have been affected by a security breach, as attackers, some suspected of being foreign spy agencies, seek to steal trade secrets.

ForeNova’s expertise in identifying early signs of a persistent threat through email, endpoint, or network channels helps lower the risk for their German manufacturing clients.

Combining its knowledge of global APT groups, its artificial intelligence (AI) and machine learning (ML) defensive capabilities, and its compliance reporting support, ForeNova continues to grow into a strategic service partner that helps clients stop APT attacks and intellectual property theft.

Reducing the Risk of Manufacturing Cyberattacks With Managed Detection and Response

The Industry 4.0 and 5.0 manufacturing sector continues to become fully automated, using robotics and advanced sensors with less human interaction. This strategy helps manufacturers become far more productive and profitable.

Yet the technical advances in interconnected supply chains, remote monitoring, and artificial intelligence (AI) and machine learning (ML) for continuous production efficiency improvements come at a price: these new platforms create a much larger attack surface and more cyber risk. Attackers target manufacturing because most environments contain exposed vulnerabilities, a hesitancy to apply software patches, and outdated traditional security measures.

As manufacturers continue to extend their automation and industrial functions, managed detection and response (MDR) services that support Industry 5.0 will be necessary to secure manufacturing systems and to detect and stop persistent threats, malicious activity and other sophisticated attacks.

ForeNova, a global innovator in the MDR cybersecurity industry, continues to increase its advanced threat detection managed services offering to support manufacturing clients in the EU with the NovaMDR platform. 

Are you interested in securing your manufacturing networks and systems from next generation cyberattacks, meeting regulatory requirements, and moving toward a more proactive approach to cybersecurity? 

Risk and Reward in Industry 5.0 Automation

Industry 5.0 factories drive collaboration between human-machine systems and artificial intelligence, which global manufacturing needs to meet its business and financial demands. As more factories become interlocked with one another, standardizing manufacturing processes, supply chains and quality control becomes paramount.

Cyberattacks, including ransomware attacks, extortion, supply chain fraud, and production outages, curtail the expected efficiencies and financial gains the manufacturers expect. 

Many manufacturers risk their offerings becoming obsolete if they do not move toward Industry 5.0 capabilities, yet the threat landscape makes that move risky. Another critical challenge during the transition is the cost and effort of sustaining existing operational technology (OT), legacy industrial control systems (ICS) and SCADA systems.

Many of these legacy systems live in a closed-loop network where maintenance updates rarely happen. The decision to connect them to next-generation Internet of Things (IoT) devices opens the door to cyberattacks: attackers scanning industrial systems now have a direct line to OT and ICS systems that were previously protected only by isolation, were never designed for remote access, and offer defenders limited network visibility.

Most manufacturing transformations are not greenfield deployments. Manufacturers will keep existing technologies functioning while migrating to new solutions, including IoT devices, AI-based robotics, remote access, and continuous monitoring. 

These advanced functions have also become liabilities for manufacturing firms. 

Unique Cybersecurity Threats and Vulnerabilities in Manufacturing 

Physical isolation used to shield the vulnerabilities of legacy OT and ICS systems from advanced threats, human error and zero-day exploits. As these systems become networked IoT devices, patching and remediation are necessary to close known vulnerabilities, while phishing and unknown threats must be handled by monitoring and user-facing controls.

The firmware on IoT devices is small and single-purpose, and the devices carry little or no security of their own; they rely on the surrounding network and platform for protection. Attackers have traditionally targeted networking devices, firewalls, application platforms, identity management systems and users. IoT devices are an especially appealing target because a successful attack can halt utility control units and automated factories in Germany, just as it can halt FinTech systems in the United States.

Factories that rely on fewer people and more robotics and IoT devices become even riskier, mainly because these devices depend on one another: one compromised device can stall the chain.

For example, an electric vehicle runs close to 468 sensors, each with a critical role in the vehicle's functionality. Car manufacturers, like computer manufacturers, issue constant firmware updates and deliver them firmware-over-the-air (FOTA) across 5G or LTE.

Receiving firmware directly from the Internet widens the attack surface for both the vehicle and the driver: an update path that does not authenticate what it installs is an attack path.

Yet without over-the-air updates, the same IP-enabled sensors stay exposed to known flaws and become even more vulnerable, so the update channel has to be secured rather than removed.

How does NIS2 align with the Manufacturing Sector? 

“The EU’s NIS2 directive addresses increasing cyber threats by imposing strict security obligations on essential service operators, including manufacturing. Compliance is vital for protecting infrastructure, supply chains, and intellectual property.” 

Annex II of the NIS2 directive lists manufacturing among the "other critical sectors" whose entities are classed as important entities, and names these manufacturing subsectors: 

  • Medical devices and in vitro diagnostic medical devices 
  • Electrical equipment 
  • Machinery and equipment 
  • Motor vehicles, trailers and semi-trailers 
  • Computers, electronics and optical products 
  • Other transport equipment 

Beyond complying with NIS2, manufacturers have several reasons to use the framework as a guide to where their cybersecurity protection efforts should focus. 

These relevant areas include: 

Protection of Critical Infrastructure Against Cybersecurity Challenges 

A recent study reveals that 80% of manufacturing firms have encountered at least one cybersecurity incident, highlighting the critical necessity for strong protective measures. These measures aim to avert severe disruptions in manufacturing processes, maintain uninterrupted production, and safeguard against substantial financial and reputational harm. 

Increase Cybersecurity Protection for Supply Chains 

A recent study found that 70% of organizations faced a supply chain attack last year, underscoring the need for stronger controls. NIS2's supply chain security obligations push manufacturers to assess their suppliers and technology partners and to bind them contractually to security requirements, which in turn helps protect customer data.  

Manufacturers can protect their digital landscape by securing supply chains, ensuring business continuity, and enhancing resilience. 

Providing Robust Security During the Industrial 5.0 Transformation 

A recent study shows that 75% of manufacturers have faced more cyber threats in recent years. NIS2 compliance requires strong cybersecurity measures and rapid incident response capabilities, ensuring innovations do not jeopardize sector security. 

Protect Trade Secrets and Intellectual Property 

Manufacturers can protect their intellectual assets from breaches and espionage using comprehensive protection strategies, including encryption, multi-factor authentication, and advanced intrusion detection systems to establish robust defenses against attackers. 

Meet NIS2, GDPR, and other EU Compliance Mandates 

NIS2 compliance is vital for key manufacturing entities. “Non-compliance may cause penalties of up to 10 million euros or 2% of annual revenue, severely damaging the organization’s reputation.” That ceiling applies to essential entities; important entities, which is where most Annex II manufacturers fall, face fines of up to 7 million euros or 1.4% of global annual turnover. 

Creating the Proper Cybersecurity Architecture for Protecting a Manufacturing Facility 

Network security, advanced identity management and private VLANs are nothing new in the manufacturing sector. However, to cope with the increased attack velocity of AI-assisted adversaries, manufacturers need to invest far more in next-generation networks, security operations centers, real-time threat detection and advanced threat intelligence. 

Zero-Trust Security Strategies 

However complex it is, manufacturers recognize the critical importance of zero trust, especially as remote access into Industry 5.0 platforms, hosts and devices grows. Zero trust centralizes all access to devices and hosts and authenticates both human and machine identities on every connection. This layer also blocks direct connections to Industry 5.0 robotic devices, water control units, solar farm devices and other OT functions, so that every session passes through a policy enforcement point. 

Advanced Email Security Powered by AI 

Sophisticated threats, including email phishing, remain among the manufacturing sector's most challenging cyberattacks. Spear-phishing attackers craft convincing messages, in the target's language, loaded with malicious links and malware to lure factory managers, supply chain administrators and plant operations teams into clicking. 

Ransomware-as-a-service operators use email phishing as the delivery channel for their attack tools. Manufacturing firms must upgrade to AI-powered email security to protect both the people and the machine accounts that use email to exchange status updates. 

Updated Endpoint Detection  

Endpoint security tools are widespread in traditional enterprise environments. Industrial control hosts running Linux, macOS or Microsoft Windows must carry an endpoint agent as well, so that these critical hosts are protected and visible to the security team. 

Data Protection 

Industry 5.0 platforms generate considerable data from applications, robotics and IoT devices. Protecting this data is critical because it is the raw material for the AI and ML capabilities that improve platform operations and decision-making. 

Managed Detection and Response Services (MDR) 

MDR for manufacturing continues to gain importance, specifically for firms struggling to migrate to Industry 5.0 architectures. MDR provides continuous monitoring, automated incident response and remediation across both legacy security devices and next-generation cybersecurity controls. 

Why ForeNova? 

ForeNova helps manufacturers protect their existing and future factories with a range of managed service solutions. Through its NovaMDR platform, ForeNova brings network, endpoint and host-based security controls together, reporting into a unified management console. This console drives automated incident response, captures critical attack data, launches remediation and produces reporting for compliance requirements. 

The NovaMDR platform adds several further capabilities, including 24×7 monitoring and access to security playbooks, all delivered within an affordable cost model. 

ForeNova’s expertise in NIS2 compliance and extensive experience supporting the German automotive industry’s TISAX compliance framework also benefits clients in the EU.