The Top 8 Manufacturing Industry Cyberattacks

September 29, 2020

Cybersecurity breaches can prove extremely costly.

And for manufacturing companies that’s especially true. In addition to forcing the closure of one or more plants, a cyberattack can expose sensitive data and result in a failure to fulfill customer orders.

Many attacks in the manufacturing sector include the theft of intellectual property. Should a competitor use that data to launch a competing product, it could lead to a loss of market share or the eventual demise of the manufacturer victimized in the attack. In extreme circumstances, the most severe attacks can result in permanent damage to a manufacturer's plant and equipment.

In its 13th annual Data Breach Investigations Report, Verizon noted that 73% of attacks launched against the manufacturing sector were motivated by financial reasons, with the balance involving espionage. Additionally, Verizon found that 75% of attacks involved external forces, while internal threats accounted for the remainder.

The risk of getting attacked is quite high for organizations involved in manufacturing. In a study of the manufacturing sector by Sikich, a U.S.-based accounting firm, 50% of companies reported having experienced a data breach or cyberattack in the previous 12 months.

As manufacturers continue to embrace digitization, sometimes referred to as Industry 4.0, cybercriminals will consider the sector a high-value target. To give you a sense of what threats are coming your way, here are eight recent cyberattacks and cyberthreats that caused big problems for leading manufacturing companies.

The Biggest Manufacturing Industry Cyberattacks

8. OXO International

OXO International, a New York-based manufacturer, discovered a breach that exposed its customer information at various periods between June 2017 and October 2018.

The company discovered malicious code on its website, designed to steal customer data—including payment card information and addresses—from the company's checkout page.

  • Cyberattack type: MageCart/Data skimming
  • Location: New York
  • Cost: Undisclosed
  • People affected: Undisclosed

To address the situation, OXO remediated its vulnerabilities, reissued customer login credentials, and provided customers with identity monitoring services offered by Kroll. It also notified the California Attorney General's Office of the breach.

7. Visser Precision

Visser Precision, a space and defense manufacturer, experienced an attack involving DoppelPaymer ransomware, which encrypts and exfiltrates data. The ransomware first appeared around April 2019 and is believed to have originated in Russia.

Researchers discovered sensitive company documents, including non-disclosure agreements with Tesla, SpaceX, and General Dynamics, that had been published on a hacker's website created to publicize the list of files stolen in the attack. In addition to the non-disclosure agreements, the theft also included a Lockheed Martin schematic for a missile antenna.

  • Cyberattack type: Ransomware
  • Location: Denver, Colorado
  • Cost: Undisclosed

The company acknowledges the attack, but states it had no impact on operations.

6. Hanesbrands, Inc.

The American clothing manufacturer Hanesbrands was the victim of a cyberattack in June 2015. The attack took place via the company's website, where the hacker pretended to be a guest customer checking on an order.

Using this approach, the hacker leveraged gaps in security to ultimately gain access to a database with nearly a million addresses and phone numbers, as well as the last four digits of the payment card on file, for customers who used the guest check-out option. The attack did not expose the customers' usernames or passwords.

According to the Wall Street Journal, the hacker was able to access the order statuses for all customers using the guest check-out option for approximately a week.

  • Cyberattack type: Website compromise/records breach
  • Location: Winston-Salem, North Carolina
  • Cost: Undisclosed
  • People affected: 900,000

While the hacker gained access to the company's pending orders, they did not secure access to Hanesbrands’ corporate systems. The company notified customers of the breach via email or postal mail.

5. DuPont

Gary Min, a research chemist, pleaded guilty to misappropriating DuPont's intellectual property in 2007. Following Min's resignation from the company in 2005, DuPont discovered that he had downloaded approximately 22,000 abstracts from the company's electronic data library, and had accessed 16,706 documents.

The information Min accessed was unrelated to his primary research responsibilities and areas of expertise. Instead, it involved DuPont's primary technologies and products, including some in the research and development phase.

  • Cyberattack type: Insider
  • Location: Delaware
  • Cost: $400+ million (fair market value of technology accessed)

Once DuPont discovered Min's illicit activity, it contacted the FBI, which conducted a search of Min's home. The FBI located DuPont documents stored on several computers. As the agents entered the house, a software erasure program was deleting information from one of Min's computers.

Agents also located garbage bags with shredded DuPont documents and the remnants of the company's documents in a fireplace. Agents found additional DuPont documents located in a storage unit of an apartment.

Min received an 18-month prison sentence and a fine of $30,000, as well as a restitution order for $14,500.

4. FACC

A 2016 attack that targeted the accounting department of FACC AG, an Austrian airplane component manufacturer, resulted in at least $55.8 million in losses.

The fraud started with a whaling attack, which involves a cybercriminal sending an email that appears to be from a senior executive at the targeted firm. In this case, the email seemed to come from the company's CEO. The email asked an FACC employee to send funds related to what was a fake acquisition.

  • Cyberattack type: Whaling attack
  • Location: Austria
  • Cost: Between $55.8 and $61 million

In the aftermath of the attack, FACC fired its CEO and CFO. Authorities in Hong Kong arrested a Chinese citizen, who was connected to a firm that received approximately €4 million from FACC and was believed to be involved in laundering the proceeds.

While the initial reports pegged the losses at $55.8 million, subsequent reports increased the estimated loss to $61 million. Ultimately, FACC sued the now-former CEO and CFO for $11 million for their alleged failure to protect the company from an attack.

3. Norsk Hydro

As the result of a devastating cyberattack involving the LockerGoga ransomware, Norsk Hydro, a multinational aluminum manufacturer with operations in 40 countries, closed many of its plants and was forced to move others offline.

The attack compromised the firm's IT systems across multiple business functions, including the company's smelting plants in Norway, Qatar, and Brazil.

  • Cyberattack type: Ransomware
  • Location: Norway, Qatar, Brazil
  • Cost: $75 million

While the particular method hackers used to enter the company's network and deploy the ransomware remains unclear, researchers believe they used credentials gathered from a previous phishing attack or bought on the black market.

In addition to Norsk Hydro, the LockerGoga attack also impacted Altran, a French consulting firm, as well as two U.S. chemical manufacturing firms, Hexion and Momentive.

2. Renault-Nissan

In 2017, Renault-Nissan experienced a cyberattack involving the WannaCry ransomware that stopped production at five plants located in England, France, Slovenia, Romania, and India.

To prevent the spread of the infection throughout the company's corporate environment, the company disconnected the infected plants from its network.

  • Cyberattack type: Ransomware
  • Location: England, France, Slovenia, Romania, India
  • Cost: Undisclosed

The attack took place on a Friday, and the plants with compromised systems were able to return to normal operating conditions the following Monday. The company declined to disclose how the attack took place.

WannaCry ransomware, which targeted the Microsoft Windows operating system, appeared in 150 countries and is estimated to have infected approximately 200,000 devices. In one attack alone, WannaCry reportedly cost the UK's National Health Service £92 million.

While estimates vary regarding the total damage worldwide as a result of WannaCry, some speculate the losses were as high as $4 billion.

1. Mondelez

Also in 2017, Mondelez, a multinational food and beverage company, succumbed to an attack that leveraged the encrypting malware NotPetya. The attack permanently damaged 1,700 servers and 24,000 laptops. It also impacted production facilities around the globe.

Mondelez says that the attack included the theft of thousands of user credentials and impacted the company's ability to complete customer orders.

  • Cyberattack type: Encrypting malware
  • Location: Global
  • Cost: $100 million

Mondelez sued its insurance company, Zurich, due to the insurer's decision not to pay an insurance claim. The insurer claimed the use of NotPetya was an act of war not covered under the policy. Similarly, Merck sued its insurance company for $1.3 billion in damages from a cyberattack.

The NotPetya attack also damaged operations at Maersk, which lost $300 million, at FedEx, which lost $400 million, and at Rosneft, a Russian oil company.

According to statements made to WIRED magazine, the White House estimated that NotPetya generated $10 billion in damages.

How to Bolster Your Cybersecurity Defenses

With the explosive growth in industrial IoT, the threat landscape in the manufacturing industry continues to change and the attack surface expands, with operational technology and information technology environments now more intricately linked. The integration of operational technology is particularly problematic as it often involves legacy solutions that have not been replaced or upgraded and, therefore, come with significant security weaknesses.

Arctic Wolf provides manufacturers with customized security operation solutions, which include round-the-clock, on-demand access to a dedicated team of security experts with extensive experience helping manufacturers harden their cybersecurity defenses.

Learn more about how we keep manufacturing organizations safe and secure. And for information on major cyberattacks, check out the Top 8 Legal Industry Cyberattacks.
