Manufacturing

Who: Johnson Controls International, a multinational conglomerate specializing in industrial control systems and security equipment, fell victim to a ransomware attack by the Dark Angels ransomware gang in September 2023.

What: The cyberattack involved unauthorized access, data exfiltration, and ransomware deployment, leading to a data breach. The Dark Angels gang claimed to have stolen over 27 TB of confidential data and demanded a $51 million ransom.

How: The attack originated from the firm's Asia offices, spreading throughout the network and forcing a shutdown of IT infrastructure, impacting customer-facing systems. Johnson Controls confirmed expenses of $27 million for responding to and remediating the cyberattack. Despite the breach, the company believes unauthorized activity is contained, and digital products and services are available. Ongoing assessments may result in increased costs as data is analyzed with external cybersecurity experts.

Dark Angels ransom note in Johnson Controls cyberattack

Source: BleepingComputer

Read the full article HERE

High-severity flaws in Bosch BCC100 thermostats and Rexroth NXA015S-36V-B smart nutrunners expose potential code execution. Bosch addressed the BCC100 vulnerability (CVE-2023-49722) in November 2023, closing an open port used for unauthorized connections.

Rexroth faces over two dozen flaws allowing attackers to disrupt operations, tamper with configurations, or install ransomware. Patches expected by January 2024; users advised to limit network reachability.

Read the full article HERE

A cybersecurity incident will cost the Brunswick Corporation as much as $85 million, the company’s CEO told investors last week.

The billion-dollar boating manufacturing firm announced a cyberattack on June 13 that impacted their systems and some of their facilities. The company brought in nearly $6 billion in revenue in 2021 and operates in 24 countries.

Brunswick officials did not confirm that the incident was a ransomware attack but said they were forced to stop operations in some locations while experts and law enforcement dealt with the incident.

During the company’s earnings call last week, CEO Dave Foulkes told investors and board members that the attack had a devastating effect on the company’s Q2 financial outlook.

Foulkes explained that the “IT security incident” caused “second quarter financial results that were lower than initial expectations.” After announcing the incident, it took the company nine days to get back up and running — critical time lost for a manufacturing company of Brunswick’s size.

Read the full article HERE

I am regularly inundated with cybercrime reports, and they all have at least two data points in common: ransomware is one of the most popular attack types used by threat actors (read: cybercriminals), and the manufacturing industry is one of the most popular targets for ransomware attacks.

Verizon’s 2023 Data Breach Investigations Report (DBIR) contains a wealth of well-presented information including explainers for anyone interested in cybersecurity, and it validates these points. Ransomware was present in 15.5% of all cybercrime incidents included in the study, with only denial of service (DoS) attacks topping it on the list. And where an incident resulted in a successful breach, 24% of those breaches involved a ransomware attempt, second only to use of stolen credentials.

Manufacturing, according to the DBIR, saw the fourth-largest number of incidents behind the public administration, information and finance industries, in that order. And these cybercriminals don’t have political or social motives, they just want cash. Financial motivations dictated a whopping 96% of bad actors’ motives when they attacked the manufacturing sector.

Why is the manufacturing sector so popular a target?

Cybersecurity reports on industrial cybercrime often imply that these are fresh threats, raising another question: How long has this gone on? Is this actually new or is there hype at play (considering the companies presenting these reports usually have cybersecurity products on offer)?

Manufacturers Often Pay Ransoms

A big reason why manufacturing is such a target: Manufacturers often pay when attacked because even small incursions can have huge repercussions.

The larger the constituency affected by a ransomware attack, the more likely a victim pays ransoms. In manufacturing, a successful attack may cause tremendous and cascading amounts of damage if it targets critical plant equipment. Supply chain fragility creates long-reaching ripple effects when cyberattacks succeed on these targets. Taking a few production lines down for even a few days could have serious effects on meeting production and distribution targets.

“If a manufacturing line is brought down, there’s an immediate impact to a larger audience. Consider the impact to customers that an attack on Colonial Pipeline caused. To avoid impact to their customers, and to keep the service level agreements that manufacturers have with their supply chain, they have been known to agree to pay the ransom, which encourages bad guys to target them more,” says Ryan Cloutier, president of SecurityStudio.

Read the full article HERE

Swedish-Swiss robotics and automation major ABB Ltd. recently faced a cybersecurity incident that disrupted operations. The Zurich-headquartered company – which was until 2020, Switzerland’s largest industrial employer, says that the security incident directly affected certain locations and systems and that work is in progress to contain the same.

Eike Christian Meuter, group spokesperson at ABB, tells ETCISO that to address the situation, the company “has taken, and continues to take, measures to contain the incident.”

These measures, he says, resulted in some disruptions to its operations which the company is addressing. “The vast majority of its systems and factories are now up and running and ABB continues to serve its customers in a secure manner,” says Meuter.

Read the full article HERE