Manufacturing Cybersecurity

Attacks demonstrating the urgent need for cybersecurity for manufacturing companies

• O’Neil Industries: In February 2023, the holding company of several companies in the metal industry, based in the USA, sustained a cyberattack. The company reported that an unauthorized party had gained access to consumers’ names, social security numbers and addresses.
• Toyota: In January 2023, Toyota Motor corporation revealed that a data breach at Toyota Kirloskar Motor, a joint venture with the Indian conglomerate Kirloskar Motor, may have compromised the personal information of nearly 300,000 of its customers. The company issued a statement: “In December 2017, the ‘T-Connect’ website development subcontractor mistakenly uploaded part of the source code to their GitHub account while it was set to be public, in violation of the handling rules.”
• Pepsi: In late December 2022 cybercriminals penetrated the network of Pepsi Bottling Ventures, which operates 18 facilities in the USA, and installed malware to extract and steal data from the company’s IT systems. The attack was discovered only 2.5 weeks later. The number of affected individuals, and whether they were customers or employees, was unclear, but it seems that the affected data included full names, home addresses, financial account information (including PINs, passwords and access numbers), state and federal issued ID numbers and driver’s license numbers, ID cards, social security numbers, passport information, digital signatures and information related to benefits and employment, including medical history and claims – as reported by Bleeping Computer.
• Ferrari: In October 2022, cybercriminals claimed to have obtained company documents and data at a scope of 7GB, which they then posted on dark web leak site. Ferrari had previously suffered the effects of a cyberattack on the Italian manufacturer Speroni in 2021, when 900 GB of data were stolen, containing sensitive information also on other Italian car manufacturers, including Fiat and Lamborghini.
• THALES Group: The multinational company (81,000+ employees worldwide) was targeted in a ransomware attack at the end of October 2022. The attackers began releasing data they claimed to have stolen when the ransom was not paid. THALES continued to maintain that its IT system had not been breached. THALES had been the victim of a ransomware attack in January 2022 as well, had also refused to pay ransom on that occasion, resulting in its files being leaked.
• Iranian steel companies: In June 2022, Several Iranian steel companies sustained cyberattacks that disrupted the operation at one site, possibly more. An Iranian hacker group, which had previously attacked Iranian Rail in mid-2021, also claimed responsibility for this attack.
• DENSO Automotive Deutschland: A ransomware attack was perpetrated against the company in March 2022, in which 1.4 TB of data, some of which was proprietary data, were stolen by the attackers. DENSO is the second largest automotive parts manufacturer in the world and the no. 1 parts supplier of Toyota.
• Nvidia: In March 2022, the chips and graphic cards producer sustained a cyberattack in which substantial data was accessed by the perpetrators, according to some reports – up to 1 TB.
• KP Snacks: The British snacks producer was targeted in a ransomware attack in February 2022. The company’s data was encrypted and stolen, and some of it was posted on the dark net. Its supply chain was also impacted; KP Snacks released a statement saying that it could not “safely process orders or dispatch goods.”
• Kojima Industries, affecting Toyota: An attack in February 2022 on Kojima Industries, which supplies Toyota with key components for cars, led to the suspension of operations at 14 manufacturing plants in Japan for at least 24 hours. The suspected perpetrators are Russian.
• Bridgestone Americas: The U.S. division of Bridgestone Corporation, a Japanese-owned tire company manufacturing and selling tires in more than 150 companies, suffered a cyberattack in February 2022. As a result, the company was forced to shut down a significant share of its manufacturing plants. It was revealed that the hackers accessed sensitive consumer information.
• Quanta Computers: The Taiwanese company, whose clients include Apple, Lenovo, Microsoft, Dell and Cisco, was targeted in a ransomware attack perpetrated by the Russian hacking group REvil in April 2021. The cybercriminals initially demanded payment of US$ 50 million from Quanta in return for the stolen data. The data included engineering and manufacturing schematics of current and future Apple products. When Quanta refused to pay the ransom they demanded, the hackers sent their demand to Apple.
• BMW: APT hackers breached the network of the German multinational manufacturer of luxury vehicles in 2019. According to German media, the hackers, who are suspected of being connected to the government of Vietnam, also hacked into Hyundai’s systems as well. Their aim seems to have been to steal trade secrets. ZDNet reported that the attackers allegedly installed a penetration testing toolkit named Cobalt Strike on infected hosts, which they used as a backdoor into the compromised network. It added that BMW had supposedly allowed the hackers to persist on its network, and followed their every move, cutting off their access at the end of November.

Cybersecurity for the manufacturing sector must be affordable, not only effective

Reports show that far too many manufacturers do not implement effective cybersecurity means due to high cost. Among these are Make UK’s Cybersecurity in UK Manufacturing report for 2022, which states that 41% of manufacturing companies that participated in its study stated the high cost of cybersecurity solutions as a barrier, and that 35% identified added cost or time in maintaining cybersecurity systems as the obstacle. The organization also reported that while 89% of the respondents invested heavily in antivirus software and firewalls to secure Internet connections, these investments were insufficient for dealing with new threats resulting from the recent adoption of digital technologies like industrial IoT. In fact, 54% admitted that they had made a conscious decision not to implement further cybersecurity means despite having introduced new technologies to boost their production capability.

These findings underscore the importance of cybersecurity solutions for the manufacturing industry which are not only effective at dealing with the threats, but are also ones that manufacturers can afford.

ACID’s cost-effective cyber security for the manufacturing sector

ACID offers an exceptionally cost-effective solution for the manufacturing sector: It deploys clusters of bots and implements advanced AI algorithms in order to detect the first signs of an attack in the clear, deep and dark web, as well as in multiple other sources, as early as in its initial planning phase. Once such signs are detected, ACID alerts the targeted organization in real time, providing all the available information – including screenshots of threats detected on the dark web and deep web, which the company in the cybercriminals’ crosshairs may be reluctant to access itself, or is incapable of doing so. ACID continues to monitor the sources, using client-specific keywords in several languages, and provides updates with any additional data as it becomes available. While ACID continuously monitors a great number of sources, if the manufacturer wishes to include additional ones in the search, or add key words, ACID is happy to oblige.

The real time alerts provided by ACID at the first hint of an attack, and the subsequent updates with additional information as it becomes available, enable the IT teams of manufacturing companies to prepare and implement countermeasures that will mitigate the impact of the attack, or possibly thwart it altogether. Manufacturers are thus supported in avoiding the theft of sensitive data and its exposure to competitors, heavy ransom payments and operational disruption.