Cybersecurity breaches are extremely costly. According to IBM, the average cost of a data breach in 2022 was $4.35M. But things got even more expensive for manufacturing companies, who saw their average cost climb to $4.47M in 2022, an increase of USD 5.4% over the previous year.
Manufacturers often face greater losses in both operations and revenue due to cyber attacks that force the closure of one or more plants while the damage is undone. In addition to these closures, a cyberattack on manufacturers can also expose sensitive data and result in a failure to fulfill customer orders.
Additionally, many attacks in the manufacturing sector include theft of intellectual property. Should a competitor use that data to launch a competing product, it could lead to a loss of market share, or the eventual demise of the manufacturer victimized in the attack. In extreme circumstances, the most severe attacks can result in permanent damage to a manufacturer’s plant and equipment.
In its 2022 edition of the Data Breach Investigations Report, Verizon noted that the manufacturing industry is beset by social engineering attacks, system intrusion, and web application attacks — which represented 88% of breaches.
Additionally, 88% of attacks launched against the manufacturing sector were motivated by financial reasons, with the same percentage of attacks involving external forces.
In short, the risk of getting attacked is quite high for organizations involved in manufacturing. As manufacturers continue to embrace digitization, sometimes referred to as Industry 4.0, cybercriminals will continue to consider the sector a high-value target. To give you a sense of what threats are coming your way, here are the top ten cyberattacks and cyberthreats that caused big problems for leading manufacturing companies.
The Biggest Manufacturing Industry Cyberattacks
10. OXO International
OXO International, a New York-based manufacturer, discovered a breach that exposed its customer information at various periods between June 2017 and October 2018.
The company discovered malicious code on its website, designed to steal customer data—including payment card information and addresses—from the company’s checkout page.
To address the situation, OXO remediated its vulnerabilities, reissued customer login credentials, and provided customers with identity monitoring services offered by Kroll. It also notified the California Attorney General’s Office of the breach.
- Cyberattack type: MageCart/Data skimming
- Location: New York
- Cost: Undisclosed
- People affected: Undisclosed
9. Visser Precision
Visser Precision, a space and defense manufacturer, experienced an attack involving DoppelPaymer ransomware, which encrypts and exfiltrates data. The ransomware first appeared around April 2019 and is believed to have originated in Russia.
Researchers discovered sensitive company documents, including non-disclosure agreements with Tesla, SpaceX, and General Dynamics, that had been published on a hacker’s website created to publicize the list of files stolen in the attack. In addition to the non-disclosure agreements, the theft also included a Lockheed Martin schematic for a missile antenna.
- Cyberattack type: Ransomware
- Location: Denver, Colorado
- Cost: Undisclosed
8. Hanesbrands, Inc.
The American clothing manufacturer Hanesbrands was the victim of a cyberattack in June 2015. The attack took place via the company’s website, where the hacker pretended to be a guest customer checking on an order.
Using this approach, the hacker leveraged gaps in security to ultimately gain access to a database with nearly a million addresses, phone numbers, as well as the last four digits of the payment card on file for customers who used the guest check-out option. The attack did not expose the customers’ usernames or passwords.
According to the Wall Street Journal, the hacker was able to access the order statuses for all customers using the guest check-out option for approximately a week.
While the hacker gained access to the company’s pending orders, they did not secure access to Hanesbrands’ corporate systems. The company notified customers of the breach via email or postal mail.
- Cyberattack type: Website compromise/records breach
- Location: Winston-Salem, North Carolina
- Cost: Undisclosed
- People affected: 900,000
7. JBS
Reportedly engineered by Russia’s REvil hacker collective, the ransomware attack on JBS servers halted meatpacking operations at multiple plants for upwards of five days. This disrupted meat production and distribution across the country and deprived many non-union employees of several days’ wages.
It has not yet been disclosed how the hackers gained access to the JBS system, but in a statement JBS indicated that, while it was able to get most of its systems operational without REvil’s help, it chose to pay $11 million in ransomware to keep the files safe.
- Type: Remote access hijack / ransomware
- Location: Australia, Canada and U.S.
- Cost: $11 million
- Impact: Plant closures
6. Advantech
While organizations in government, healthcare, and education have become increasingly popular targets to hacking groups, incidents at other businesses both large and small are also more common. One example is a 2020 attack that occurred at Advantech, a large IOT manufacturer.
The breach was discovered when Advantech received a ransom request for 750 bitcoins (valued $14 million at the time). In return for the ransom, attackers promised to delete stolen data and decrypt all affected systems.
How much data did the attackers steal? Well, they claimed that the data they published on their leak site, which was over 3GB, was only about two percent of the total data they had. Advantech would not comment on whether the ransom was paid but stated that it was in the process of recovering from the breach and that operations were returning to normal.
- Type: Ransomware
- Location: Taiwan
- Cost: Undisclosed, but could be as high as $14M
- Impact: Major business disruptions
5. DuPont
Gary Min, a research chemist, pleaded guilty to misappropriating DuPont’s intellectual property in 2007. Following Min’s resignation from the company in 2005, DuPont discovered that he had downloaded approximately 22,000 abstracts from the company’s electronic data library, and had accessed 16,706 documents.
The information Min accessed was unrelated to his primary research responsibilities and areas of expertise. Instead, it involved DuPont’s primary technologies and products, including some in the research and development phase.
Once DuPont discovered Min’s illicit activity, it contacted the FBI, which conducted a search of Min’s home. The FBI located DuPont documents stored on several computers. As the agents entered the house, a software erasure program was deleting information from one of Min’s computers.
Agents also located garbage bags with shredded DuPont documents and the remnants of the company’s documents in a fireplace. Agents found additional DuPont documents located in a storage unit of an apartment.
Min received an 18-month prison sentence and a fine of $30,000, as well as a restitution order for $14,500.
- Cyberattack type: Insider
- Location: Delaware
- Cost: $400+ million (fair market value of technology accessed)
4. FA-CC
A 2016 attack that targeted the accounting department of FACC AG, an Austrian airplane component manufacturer, resulted in at least $55.8 million in losses.
The fraud started with a whaling attack, which involves a cybercriminal sending an email that appears to be from a senior executive at the targeted firm. In this case, the email seemed to come from the company’s CEO. The email asked an FACC employee to send funds related to what was a fake acquisition.
In the aftermath of the attack, FACC fired its CEO and CFO. Authorities in Hong Kong arrested a Chinese citizen, who was connected to a firm that received approximately €4 million from FACC and was believed to be involved in laundering the proceeds.
While the initial reports pegged the losses at $55.8 million, subsequent reports increased the estimated loss to $61 million. Ultimately, FACC sued the now-former CEO and CFO for $11 million for their alleged failure to protect the company from an attack.
- Cyberattack type: Whaling attack
- Location: Austria
- Cost: Between $55.8 and $61 million
3. Norsk Hydro
As the result of a devastating cyberattack involving the LockerGoga ransomware, Norsk Hydro, a multinational aluminum manufacturer with operations in 40 countries, closed many of its plants and was forced to move others offline.
The attack compromised the firm’s IT systems across multiple business functions, including the company’s smelting plants in Norway, Qatar, and Brazil.
While the particular method hackers used to enter the company’s network and deploy the ransomware remains unclear, researchers believe they used credentials gathered from a previous phishing attack or bought on the black market.
In addition to Norsk Hydro, the LockerGoga attack also impacted Altran, a French consulting firm, as well as two U.S. chemical manufacturing firms, Hexion and Momentive.
- Cyberattack type: Ransomware
- Location: Norway, Qatar, Brazil
- Cost: $75 million
2. Renault-Nissan
In 2017, Renault-Nissan experienced a cyberattack involving the WannaCry ransomware that stopped production at five plants located in England, France, Slovenia, Romania, and India.
To prevent the spread of the infection throughout the company’s corporate environment, the company disconnected the infected plants from its network.
The attack took place on a Friday, and the plants with compromised systems were able to return to normal operating conditions the following Monday. The company declined to disclose how the attack took place.
WannaCry ransomware, which targeted the Microsoft Windows operating system, appeared in 150 countries and is estimated to have infected approximately 200,000 devices. In one attack alone, WannaCry reportedly cost the UK’s National Health Service £92 million.
While estimates vary regarding the total damage worldwide as a result of WannaCry, some speculate the losses were as high as $4 billion.
- Cyberattack type: Ransomware
- Location: England, France, Slovenia, Romania, India
- Cost: Undisclosed
1. Mondelez
Also in 2017, Mondelez, a multinational food and beverage company, succumbed to an attack that leveraged the encrypting malware NotPetya. The attack permanently damaged 1,700 servers and 24,000 laptops. It also impacted production facilities around the globe.
Mondelez says that the attack included the theft of thousands of user credentials and impacted the company’s ability to complete customer orders.
Mondelez sued its insurance company, Zurich, due to the insurer’s decision not to pay an insurance claim. The insurer claimed the use of NotPetya was an act of war not covered under the policy. Similarly, Merck sued its insurance company for $1.3 billion in damages from a cyberattack.
The NotPetya attack also damaged operations at Maersk, which lost $300 million, at FedEx, which lost $400 million, and at Rosneft, a Russian oil company.
According to statements made to WIRED magazine, the White House estimated that NotPetya generated $10 billion in damages.
- Cyberattack type: Encrypting malware
- Location: Global
- Cost: $100 million
How to Bolster Your Cybersecurity Defenses
With the explosive growth in industrial IoT, the threat landscape in the manufacturing industry continues to change and the attack surface expands, with operational technology and information technology environments now more intricately linked. The integration of operational technology is particularly problematic as it often involves legacy solutions that have not been replaced or upgraded and, therefore, come with significant security weaknesses.
Arctic Wolf provides manufacturers with customized security operation solutions, which include round-the-clock, on-demand access to a dedicated team of security experts with extensive experience helping manufacturers harden their cybersecurity defenses.
Learn more about how we keep manufacturing organizations safe and secure. And for more information on major industry targeted cyber attacks, check out:
