Manufacturing: Mexico’s Top Cyberattack Target
The manufacturing industry has become the primary target for cybercriminals in Mexico, concentrating nearly 30% of all detected incidents. This positions the industry ahead of sectors like the government, according to a recent report from cybersecurity corporation Kaspersky.
The focus on Mexico’s manufacturing industry contrasts with patterns observed in other Latin American countries. Fabio Assolini, Director of the Global Research and Analysis Team for Latin America, Kaspersky, highlights that the government is still the most affected sector in the region, but in Brazil and Mexico, the most affected sector is industry.
According to data collected by Kaspersky over the past 12 months, Latin America recorded 626 million malware attacks. Of this total, Mexico accumulated 108 million detections. This volume translates to an average of 297,000 cyberattack attempts per day and confirms the country has the second-highest level of malicious activity in the region, surpassed only by Brazil, Assolini tells El Economista.
The distribution of attacks by sector within the country reveals manufacturing's specific vulnerability. The discrete and process manufacturing categories together account for 28.97% of all detections. By comparison, the government sector ranks second with 13.39% of incidents, followed by retail with 6.16% and agriculture with 5.72%. Other critical infrastructure sectors, such as energy, telecommunications, and finance, face threats of high potential impact despite accounting for smaller shares.
Attack Vectors and Predominant Threats
While adware and risk tool detections are common, the threats that cause substantial operational and economic damage combine multiple tactics. Phishing remains the preferred initial access vector for attackers, says Assolini. Through mass-mailing platforms and phishing-as-a-service offerings, malicious actors successfully compromise user credentials.
After gaining access, attackers move on to exploiting known vulnerabilities, particularly in widely used software like Microsoft Office. This combination allows attackers to escalate privileges and deploy more damaging payloads, such as ransomware or backdoors, which provide persistent control over compromised systems.
The report documents patterns where a single successful phishing email was sufficient to escalate an attack, directly impacting payment systems or operational processes in production plants.
Strategic Recommendations and Mitigation Measures
In response to this scenario, Kaspersky analysts urge companies to implement a roadmap centered on converging technical and governance measures to strengthen the cybersecurity posture of the manufacturing sector. This roadmap should focus on:
- Continuous Vulnerability Management: Implement a robust patch management program, giving special attention to Operational Technology (OT) components that integrate with Information Technology (IT) networks.
- Network Segmentation: Establish strict segmentation between industrial and administrative networks to contain an attack's lateral movement and protect critical production processes.
- Proactive Detection and Response: Deploy advanced detection and response solutions, for example Endpoint Detection and Response (EDR) or Extended Detection and Response (XDR) platforms, to identify and neutralize threats in their early stages.
- Training and Drills: Invest in continuous employee training to recognize phishing attempts and other social engineering methods, complemented by practical incident response exercises.


