H1 2023 a brief overview of main incidents in industrial cybersecurity
Version 1.2
05.10.2023
2023 AO KASPERSKY LAB

Instead of an Introduction
Manufacturing
  Trodat hit by ransomware
  Lumila hit by ransomware
  Bernina hit by ransomware
  Anton Paar Group hit by ransomware
  Automatic Systems hit by ransomware
  Yamaha Corporation hit by ransomware
  Morgan Advanced Materials hit by cyberattack
  Fritzmeier Group hit by cyberattack
  Gates Corporation hit by cyberattack
  Stiles Machinery hit by cyberattack
  Burton hit by cyberattack
  STEICO hit by cyberattack
  Groupe SEB hit by cyberattack
  Hahn Group hit by cyberattack
  Storopack hit by cyberattack
  Bobst hit by cyberattack
  YKK hit by cyberattack
Automotive
  Trèves Group hit by ransomware
  Rosenbauer Group hit by ransomware
  Ferrari hit by ransomware
  Exco Technologies hit by cyberattack
  Ziegler hit by cyberattack
  SAF Holland hit by cyberattack
  Rheinmetall hit by cyberattack
  Hyundai data breach
  Suzuki Motorcycle India hit by cyberattack
  Laremo hit by ransomware
Power and energy
  Aker Solutions hit by ransomware
  ABB hit by ransomware
  MPPMC hit by ransomware
  Qulliq Energy Corporation hit by cyberattack
  Hitachi Energy data theft
  Sociedad Eléctrica Del Sur Oeste hit by cyberattack
  Siemens Energy hit by cyberattack
  Hep Global hit by cyberattack
Electronics
  MKS Instruments hit by ransomware
  Micro-Star International hit by ransomware
  ACER data theft
  Western Digital hit by cyberattack
  Lacroix Group hit by cyberattack
  Kinmax Technology data breach
Utility
  Acea hit by ransomware
  Águas do Porto hit by ransomware
  Puerto Rico Aqueduct and Sewer Authority hit by ransomware
  Israeli irrigation systems hit by cyberattack
  Alto Calore Servizi hit by cyberattack
Logistics
  Wabtec hit by ransomware
  DNV hit by ransomware
  FIEGE Logistics hit by ransomware
  Vopak hit by ransomware
Food & beverages
  Grupo Nutresa hit by ransomware
  Super Bock Group hit by cyberattack
  Coca-Cola FEMSA hit by cyberattack
  Schwälbchen Molkerei hit by cyberattack
Oil & gas
  Encino Energy hit by ransomware
  Suncor Energy hit by cyberattack
  Shell hit by cyberattack
Shipbuilding
  Lürssen hit by ransomware
  Fincantieri Marine Group hit by cyberattack
  Brunswick Corporation hit by cyberattack
Pharmaceutical
  Eisai hit by ransomware
  Virbac hit by cyberattack
Metallurgy
  Badische Stahlwerke hit by cyberattack
  Haynes International hit by cyberattack
Other
  Military-defense. Solar Industries hit by ransomware
  Engineering. Vesuvius hit by ransomware
  Mining. Rio Tinto data breach

In this overview, we discuss cybercriminal and hacktivist attacks on industrial organizations. A separate report is devoted to APT attacks. Many links to corporate website pages on which information on incidents was originally published are broken because the information has been removed from these websites. Still, we decided to keep the links because the information below is based on statements made by victim companies. This overview includes information on incidents for which either the affected organization or the responsible government officials publicly confirmed the compromise. Compromise reports and claims made only by cybercriminal groups are not discussed.

Instead of an Introduction

Ransomware and other criminally motivated attacks have become a plague on industrial organizations around the world. Our report for H1 2022 includes seven cases of hacktivist attacks and 10 cases of criminal ransomware attacks. In H2 2022, this increased to 40 cases of cybercrime incidents, and one hacktivist attack. Now in the current report, we have 67 cybercrime cases. As you can see, the dynamic is far from encouraging.

Keep in mind that in our reports, we normally only focus on publicly disclosed incidents and cybercrimes confirmed officially by the affected organization or state officials. But these only show the tip of the iceberg, as the vast majority of organizations don't advertise the fact that they were compromised and refuse to confirm press reports when they're added to online lists of cybercrime victims. Journalists also usually only react when prominent names appear on these lists, whereas in reality the total number of affected organizations is many times greater. In our opinion, to get a more objective idea of the estimated number of organizations whose data has been put up for sale to the public, take the figures in our reports and multiply them by 10. Then there are the organizations that don't know they've been compromised (because the attackers didn't demand a ransom and didn't publicly post the name of the organization and examples of stolen data), a group which is at least 10 times larger too. So the real size of the iceberg turns out to be larger than its tip by two orders of magnitude. The overall picture that emerges is quite alarming.

If we stick to the tip of the iceberg and only focus on officially (and publicly!) confirmed data for the first half of 2023, we can make a few observations.

The first observation is the most obvious. Among all organizations that suffered attacks, the vast majority relate to industrial manufacturing, which is the most numerous and diverse category of potential victims among industrial organizations. They also have many secrets that potential buyers are willing to pay for, while being less regulated (in the sense of not being able to pay a ransom), and not as zealously protected by the state as, for example, the energy sector (which means less criminal liability for attackers). In the industrial production sector, a particularly large number of attacked organizations were related to automobile production (a sad fact given the general difficulties facing the automobile market), and the transport industry as a whole, including organizations related to shipbuilding and logistics. The second major area in the industrial production sector under attack was the production of microelectronics, which is a key industry that affects a large number of markets, including the automotive industry. Here we can see many well-known company names among the victims.

The second important observation is the sheer variety of real sector industries affected, including metallurgy, pharmaceuticals, mining, food production, automotive, and many others. We were surprised to see a well-known manufacturer of snowboarding equipment, clothing and gear, and even two manufacturers of firefighting equipment on the list as well. It's likely that the appearance of any organization in these lists, no matter the market or niche, will no longer come as a surprise. Among the industries not directly related to production, the most affected sectors (by number of victims) were utilities, transport and logistics, oil and gas, and electricity suppliers. As for the electric power industry as a whole, including manufacturers of specialized equipment and software, as well as suppliers of related services, it was one of the most affected sectors in this half of the year, second only to industrial production.

Our third observation is the large number of major and recognizable names among victims. Unfortunately, even big budgets allocated for information security turn out to be insufficient. And since such companies try not to disclose attack details (probably for fear of additional direct losses), it's difficult to judge the real scale of damage based on data from public sources. Just keep in mind the theoretical possibility of their partners and clients being compromised as well.

For our fourth observation, many organizations, including at least three major companies, were compromised through an unpatched vulnerability in two different MFT (Managed File Transfer) products. These file transfer solutions are used by large organizations, including to keep information secure (as their developers claim), yet continue to be a source of security issues for their clients. It's also worth noting that large industrial organizations are often unable to quickly patch dangerous vulnerabilities in the technological networks of their enterprises and on the perimeter of the office network.

Finally, our fifth and last observation. For many industrial organizations, in addition to data leaks and disruptions to internal IT systems, cyberattacks were also a direct cause of unscheduled shutdowns and downtime in the production and shipping of products, in some cases lasting for weeks and resulting in direct losses totaling hundreds of millions of dollars.

Today, the risk of a cyberattack on any business has moved into a whole new category and can no longer be ignored by the top officials of any industrial enterprise in any sector and of any type.

Manufacturing

Trodat hit by ransomware
[Manufacturing; Denial of IT services; Ransomware]
Austrian manufacturer of stamps and laser technology Trodat was hit by ransomware that led to the encryption of some servers. A large part of the central IT services was temporarily unavailable at numerous locations around the world. According to the statement, an emergency operation was immediately activated to ensure continuous operation. After the systems were shut down and a detailed forensic system analysis was performed, a “controlled reconstruction” took place. Within a week, the switch was made from emergency to normal operation.

Lumila hit by ransomware
[Manufacturing, lighting, railways; Ransomware]
French lighting manufacturer Lumila, which provides services to the French railways, was one of the victims of a ransomware attack on February 3 that targeted several French hosting companies, including Scaleway and OVHCloud. The company filed a complaint with the Central Office for Combating Information and Communication Technology Crime (OCLTIC). The extent of the cyberattack was determined and the company worked closely with the relevant authorities to investigate it. All services were restored and operational at the time of the announcement.

Bernina hit by ransomware
[Manufacturing; Data leakage, personal data leakage, privacy; Ransomware]
Swiss-based Bernina International AG, a leading manufacturer of sewing and embroidery machines, reported that it fell victim to a cyberattack after being added to the victim list of the ALPHV ransomware group. The company immediately initiated the necessary security measures, called in external specialists and involved the relevant authorities. BERNINA did not comply with the ransom demands of the blackmailers. The hackers published the stolen files on the night of April 26, 2023. The ransomware group claimed that the stolen data includes sensitive information, such as customer and client data, employee data and insurance details, NDA contracts and documents, drawings and developments, and bank data and reports.

Anton Paar Group hit by ransomware
[Manufacturing; Denial of service, phishing, personal data leakage, privacy; Ransomware]
The Austrian manufacturer of laboratory instruments and process measuring systems fell victim to a ransomware attack initiated via phishing emails received on April 6. On April 19, the attackers encrypted approximately 10% of the company's internal PCs and servers. According to a statement on its website, the company immediately took most of its systems and services offline worldwide and worked with the highest priority to get its IT systems up and running again. The company said it was cooperating fully and assisting the authorities and law enforcement agencies in their investigation. The cybersecurity incident resulted in the unauthorized disclosure of personal data in some instances. The Anton Paar Group immediately informed those affected. The Black Basta ransomware group added Anton Paar to the victim list on its dark web site.

Automatic Systems hit by ransomware
[Manufacturing; Data leakage; Ransomware]
On June 3, Automatic Systems, the Belgian manufacturer of vehicle, pedestrian and passenger access control equipment, discovered a ransomware attack claimed by the notorious ALPHV group. The information about the ransomware attack was posted on the company's website. According to a statement on the company's homepage, Automatic Systems immediately took specific protection measures to halt the advance of the ransomware. The company brought in external cybercrime experts to provide round-the-clock support to internal IT teams. Investigations were underway to assess the nature of the information that may have been made accessible to third parties. Automatic Systems has filed a complaint in Belgium and in France. According to the screenshot shared by Falcon Feeds, the hackers released 121 attachments containing data allegedly from the Automatic Systems data breach. The ALPHV group claimed to have stolen sales data, logistics information, and insurance-related documents, and also claimed to have passwords to accounts and access to various company resources and partners.

Yamaha Corporation hit by ransomware
[Manufacturing; Ransomware]
The Japanese musical instrument and audio equipment manufacturer announced on June 15 that its US sales subsidiary, Yamaha Corporation of America (YCA), had suffered unauthorized access via a ransomware attack. The company stated in its press release that it immediately removed the network connection of the illegally accessed device. The company also confirmed that its systems in Japan were not affected. There was a possibility that information related to local business partners may have been leaked, and the details were under investigation. The BlackByte ransomware group listed Yamaha Corporation as a victim on its extortion website.

Morgan Advanced Materials hit by cyberattack
[Manufacturing; Denial of IT services]
UK-based manufacturing company Morgan Advanced Materials was hit by a cyberattack. The exact nature of the attack hasn't been revealed but it is described as a “data security incident”. The company said some of its servers were taken offline to contain the attack, leading to limited email service and other network restrictions. A third-party company was brought in to conduct a forensic analysis of the network to better understand the nature of the attack and help prevent further damage to the network.

Fritzmeier Group hit by cyberattack
[Manufacturing]
Fritzmeier Group, the German manufacturer of plastic assemblies, metalworking and environmental technology, was hit by a cyberattack according to several local media reports. The attack was detected on January 17. All relevant systems were then switched off. Large parts of the production were still operational, but running in emergency mode. Criminal charges were filed and external professional support was brought in to resolve the problem as quickly as possible. According to a spokesperson, the company has also consulted the State Criminal Police Office of Lower Saxony as the central contact point for cybercrime.

Gates Corporation hit by cyberattack
[Manufacturing; Denial of IT systems, denial of operations and shipment]
On February 11, Gates Industrial Corporation plc, a US manufacturer of fluid power and power transmission technology, determined that it was the target of a malware attack. The company immediately activated its incident response and business continuity plans designed to contain, assess and remediate the incident. The company also initiated an investigation, engaged the services of cybersecurity experts and outside advisors and notified appropriate law enforcement authorities. The attack affected certain of the company's IT systems, and as part of its containment efforts, the company suspended the affected systems and elected to temporarily suspend additional systems. These suspensions resulted in the temporary inability of most of the facilities to produce and ship products. Gates Industrial Corporation subsequently restored production and shipping at some of these facilities and was working to restore the remaining affected systems.

Stiles Machinery hit by cyberattack
[Manufacturing supplier; Denial of IT systems]
US-based industrial equipment supplier Stiles Machinery Inc. announced on its website that it had detected an attack and shut down its systems to protect them. The notice was still active on the website as of February 22. Out of an abundance of caution, Stiles completely shut down its systems to investigate the situation further. The security and data of customers and business partners is a top priority, officials said, adding that there was no indication of any data loss. Stiles worked to restore operations to full functionality as quickly as possible, but officials said their regular operations and ability to communicate were limited during this time.

Burton hit by cyberattack
[Manufacturing; Denial of shipment]
Burton Snowboards, a snowboard manufacturer, canceled all online orders following what it described as a “cyber incident” that occurred on February 11. In a separate statement, Burton said that it had started investigating the incident with the help of outside experts to determine its impact. The company did not provide details on the nature of the “cyber incident”.

STEICO hit by cyberattack
[Manufacturing; Denial of production]
The STEICO Group, a German manufacturer of energy-saving insulating materials, was the target of a cyberattack disclosed on March 1, with information published later on its website. The attack affected both production operations and administration. The extent of the impact was assessed. A task force was immediately set up, supported by cybersecurity experts and data forensics specialists, to resume normal operations as quickly as possible. No further details were provided and it was unclear whether this was a ransomware extortion attack.

Groupe SEB hit by cyberattack
[Manufacturing]
Groupe SEB, a French manufacturer of household appliances, announced that it detected an attempt to exploit a vulnerability. Following investigations, an intrusion into the information system was confirmed. The necessary measures were taken to limit the impact of the intrusion. Groupe SEB wrote that it was in close contact with its clients and partners as well as with the competent authorities, in accordance with the RGPD (General Data Protection Regulation). At the time of the announcement and after extensive research, Groupe SEB had still not identified any data leakage or damage to information systems.

Hahn Group hit by cyberattack
[Manufacturing, automation & robotics; Denial of IT services, interruption in operations]
HAHN Group, an industrial automation and robotics company headquartered in Germany, announced that it was the victim of a cyberattack on March 17. According to the message on its website, IT staff quickly noticed the attack and were able to stop it. “All systems” were shut down. The internal IT staff and other external forensic experts and specialists worked tirelessly to better understand the incident and to gradually reset the systems and boot them up again in a safe manner. As of March 27, the company was in the process of restarting its operations. This included reinstalling the infrastructure in a clean environment and using the backup systems.

Storopack hit by cyberattack
[Manufacturing; Denial of IT services]
German packaging manufacturer Storopack recorded a cyberattack on March 21. According to a message posted on its website, the company was not reachable by email and limited by phone. Its website was unaffected, but its online store was unavailable. In accordance with its IT emergency protocol, Storopack took the necessary security measures immediately after becoming aware of the cyberattack and informed the police and other relevant authorities. Although there may have been some delays in delivery, Storopack worked at full speed to maintain its ability to deliver. Production and delivery capability were not interrupted at any time.

Bobst hit by cyberattack
[Manufacturing; Operations degrade]
Le Temps learned that Swiss machine manufacturer Bobst Group suffered two attacks over the Easter weekend, forcing the company to work in degraded mode. The company believes that “it's a good sign” that nothing about Bobst was found on the darknet. Emergency measures were taken to protect critical computer systems by isolating them, in order to limit the risk of any spread, which resulted in production, research and development and customer support operating in a degraded mode. Between April 12 and 18, work gradually resumed at the group's various global sites while systems were reconnected. The quieter holiday period helped to mitigate the impact. Five days after the event, the manufacturer informed its customers and suppliers of a certain instability that could cause inconvenience. Bobst's CEO claimed to know who had attacked the company and where the attacks were launched from, but provided no details. No ransom note was received.

YKK hit by cyberattack
[Manufacturing; Ransomware]
Japanese zipper manufacturer YKK confirmed a cyberattack aimed at its US networks after being listed as the victim on the LockBit ransomware group leak site on June 2. According to a company spokesperson, once the cyberthreat was identified, the company's cybersecurity team was quick to respond, successfully containing it before it could cause significant damage or lead to the exfiltration of sensitive information. The company's quick and efficient response ensured that the attack did not affect its operations or the quality of service provided to its customers. It was also claimed that there was no material impact on its operations and the incident didn't compromise the ability to serve customers. The exact nature of the cyberattack remains undisclosed, and the company did not comment on whether a ransom was demanded. Notably, however, the LockBit ransomware group threatened to leak stolen data by June 16, but it is unclear whether any data was leaked.

Automotive

Trèves Group hit by ransomware
[Manufacturing, automotive; Ransomware; Ransom demand]
The IT systems of French automotive manufacturer Trèves Group were subjected to a major cyberattack over the weekend of February 18-19, 2023. According to a company press release, in order to limit the overall impact and to protect its partners, Trèves Group immediately implemented isolation protocols and decided not to pay the ransom. The Group started working closely with the authorities and took all the necessary measures in this regard. The entire Group mobilized to guarantee continuity of operations and a return to normalcy as quickly as possible. Trèves Group mentioned the Lockbit 3.0 ransomware group, which had added the company to the list of its victims, as the source of the attack in the press release.

Rosenbauer Group hit by ransomware
[Manufacturing, automotive, fire-fighting equipment; Denial of IT services; Ransomware]
Austria-based manufacturer of fire-service vehicles and firefighting equipment Rosenbauer Group was the target of a cyberattack. According to a short press release issued on February 24, parts of the IT infrastructure were switched off as a precaution. The measures affected all Rosenbauer locations. A task force was immediately set up, bringing in external cybersecurity experts and forensic experts to securely and quickly restore system operation. To the company's knowledge, no customer or company data was stolen or encrypted. The relevant authorities have been involved. A few days after the confirmation, the LockBit 3.0 ransomware group listed the company as one of its victims.

Ferrari hit by ransomware
[Manufacturing, automotive; Data leakage, personal data leaked, privacy; Ransomware]
Italian luxury sports car manufacturer Ferrari reported a cyber-incident involving ransomware. The hacker demanded that the company pay a ransom for customer data. The company notified its customers of the potential data breach. According to the company's statement, after receiving the ransom demand, it immediately launched an investigation in cooperation with one of the world's leading cybersecurity companies and informed the relevant authorities. It added that according to the company's policy, Ferrari will not pay a ransom as this kind of payment finances criminal activity and allows threat actors to continue their attacks. Instead, the company informed its customers and alerted them to the potential data breach and the nature of the incident. The company states that the ransomware incident did not affect the company's operations in any way.

Exco Technologies hit by cyberattack
[Manufacturing, automotive; Denial of IT systems]
Canadian-based international manufacturer of die cast tools and car parts Exco Technologies announced on January 23 that three production facilities within its Large Mould Group were recovering from a cyber-incident. The company temporarily disabled some computer systems as it investigated this incident. It initiated bringing these systems back online and expected operations to be substantially restored over the following two weeks. The statement didn't detail the kind of attack, or whether personal or corporate data was accessed. It said independent experts were retained to help the company deal with the matter.

Ziegler hit by cyberattack
[Manufacturing, automotive, firefighting vehicles; Denial of IT systems, denial of shipment]
Albert Ziegler GmbH, the German manufacturer of firefighting vehicles, became the victim of a cyberattack that was detected on the morning of February 9. According to the news, all relevant systems were immediately shut down. As a result, all systems were taken offline at all locations, so the company was severely restricted in its ability to work and communicate by email. On February 20, the company issued another statement that all systems were restored, but that the company is partially reachable by email with some delays. The merchandise management system was available again with its core functions after several days. That allowed the company to restore the vehicle deliveries at the Giengen site.

SAF Holland hit by cyberattack
[Manufacturing, automotive; Denial of IT systems, denial of production: 7-14 days]
German manufacturer of chassis components for trailers and trucks SAF-Holland became the target of a cyberattack that was announced on March 27. As a result, systems were checked, shut down and disconnected from the internet and production has been interrupted at certain sites, which could last seven to 14 days, according to the company's statement. The extent of the impact of the cyberattack was being assessed. However, management expected to be able to make up for the resulting production backlog over the course of the next three months. The company estimated that it will take three months to make up for production losses.

Rheinmetall hit by cyberattack
[Manufacturing, automotive; Denial of IT systems]
Rheinmetall, an automotive and arms manufacturer based in Dusseldorf, Germany, disclosed that it experienced a cyberattack on April 14 that affected its industrial customer division. The attack hit the Rheinmetall business unit that serves industrial customers, particularly in the automotive sector. Rheinmetall told Recorded Future News that the company's defense division, which produces military vehicles, weapons, and ammunition, remained unaffected and continues to operate reliably. It is unclear who is behind the attack. It is known that the hacktivist group Killnet posted a message on their Telegram channel in March urging its followers to launch a distributed denial-of-service attack against Rheinmetall.

Hyundai data breach
[Manufacturing, automotive; Data leakage, personal data leakage, privacy]
Automotive manufacturer Hyundai Motor notified vehicle owners in France and Italy of a data breach. The company warned that a hacker gained unlawful access to the personal information of the company's customers. The data breach involves phone numbers, email addresses, street locations, and vehicle chassis numbers. The alert stated that although the attackers entered Hyundai's database, they took no financial information or identity numbers. Hyundai said they had taken their systems offline in response to the attack until further security measures can be put in place. The company also notified the French and Italian data protection authorities. Hyundai advised its clients to be wary of phishing emails and unwanted text messages because these might be attempts at social engineering.

Suzuki Motorcycle India hit by cyberattack
[Manufacturing, automotive; Denial of production]
Suzuki Motorcycle India, a subsidiary of Suzuki Motor Corporation, was the victim of a cyberattack. On May 10, the company suspended production at its plant in Gurgaon, located in the northern Indian state of Haryana. A spokesperson for Suzuki Motorcycle India said that they were aware of the incident and immediately reported it, and that the matter was currently under investigation. There were no technical details. The cyberattack reportedly forced the company to postpone its annual supplier conference that was supposed to take place in May.

Laremo hit by ransomware
[Steel construction; Denial of service, data loss, data leakage; Ransomware]
German steel special vehicle equipment producer Laremo GmbH was hit by ransomware on February 5, the company announced in a public statement on February 22. Data storage server systems were encrypted, so the data was considered lost according to the announcement. Customer database and financial accounting data were obtained by the attackers. The company has already turned to the relevant investigating authorities. The LockBit ransomware group claimed responsibility for the attack and uploaded the company's data on their dark web site on February 19.

Power and energy

Aker Solutions hit by ransomware
[Energy; Denial of IT services; Ransomware]
CSE Mecanica e Instrumentação SA, the Brazilian subsidiary of Aker Solutions, a Norwegian service provider for the energy industry, fell victim to a cyberattack that impacted its IT systems. Aker Solutions said it didn't know the full extent of the situation, and that they had been in dialogue with the authorities in Brazil about the incident. In addition, the company's global IT organization worked to resolve the situation with external expertise. Aker Solutions carried out several immediate mitigating actions, including temporarily shutting down most of the IT systems used in the CSE business entity. The attackers claimed that they had entered the IT systems, encrypted digital files and locked access to data. At the time of the update, there were no indications that any parts of Aker Solutions' IT systems other than those of the CSE subsidiary were infected.

ABB hit by ransomware
Swedish-Swiss electrical equipment manufacturer ABB confirmed that it was targeted in a ransomware attack, with the cybercriminals stealing some data. According to a press release, all of ABB's key services and systems are up and running, all factories are operating, and the company continues to serve its customers. The company also continues to restore any remaining impacted services and systems and is further enhancing the security of its systems. In private notifications sent to customers, ABB said its forensic investigation found no evidence of customer systems being directly impacted and there is no indication that it's unsafe to connect to ABB systems. Bleeping Computer was the first to report that ABB was targeted by the Black Basta ransomware group on May 7. The news outlet learnt from multiple employees that the ransomware attack affected the company's Windows Active Directory, affecting hundreds of devices. In response to the attack, ABB terminated VPN connections with its customers to prevent the spread of the ransomware to other networks. Cybersecurity researcher Kevin Beaumont stated the same. Beaumont posted on May 26 that the company paid the ransom, which would explain why it was not named on Black Basta's leak website.

MPPMC hit by ransomware
Madhya Pradesh Power Management Company Limited, based in Jabalpur, India, fell victim to a ransomware attack. The incident was detected in the company's IABS internal IT system on May 22. The Jabalpur state Cyber Cell's superintendent of police said that an investigation was underway in response to a complaint. The MPPMC chief general manager said those behind the ransomware attack had provided email IDs to contact them. MPPMC scanned the servers as per the guidelines of the government and tried to restore them with precaution. No further technic
113、al details were released at the time of the announcement.Qulliq Energy Corporation hit by cyberattack Qulliq Energy Corporation(QEC),the territorial utility that provides power to Nunavut in Canada,announced that its network was breached on January 15.It disclosed that the attack took down the syste
114、ms at its Customer Care and administrative offices and didnt affect power plant operations,though customers were unable to pay their bills via credit card.The company enlisted external cybersecurity experts alongside QECs and the Government of Nunavuts IT teams to investigate the scope of the attack
115、 and determine which data were accessed.Manufacturing,electrical equipment,energy Data leakage,denial of IT services Ransomware Power and energy Denial of IT services Ransomware Power and energy,utility Denial of IT systems,denial of customer services H1 2023 A BRIEF OVERVIEW OF MAIN INCIDENTS IN IN
116、DUSTRIAL CYBERSECURITY 17 2023 AO KASPERSKY LAB Hitachi Energy data theft Hitachi Energy confirmed it suffered a data breach after the Clop ransomware gang stole data using a GoAnyway zero-day vulnerability and listed the company on its extortion portal.Hitachi Energy is a department of Japanese eng
117、ineering and technology giant Hitachi focused on energy solutions and power systems.The attack was made possible by exploiting a zero-day vulnerability in the Fortra GoAnywhere MFT(Managed File Transfer),first disclosed on February 3,2023,and now tracked as CVE-2023-0669.The security flaw enables at
118、tackers to gain remote code execution on unpatched GoAnywhere MFT instances with their administrative console exposed to internet access.The company responded to the incident immediately,disconnected the impacted system(GoAnywhere MFT),and initiated an internal investigation to determine the breachs
119、 impact.All affected employees,relevant data protection authorities and law enforcement agencies have been informed of the security incident directly by Hitachi.The company said in the statement that it had no information that its network operations or the security or reliability of customer data ha
120、d been compromised.The statement didnt specify whether any systems were disabled after the attack.The Clop ransomware group claimed it had breached over 130 organizations using the GoAnywhere MFT secure file transfer tool vulnerability.They also claimed that they could move laterally through their v
121、ictims networks and deploy ransomware payloads to encrypt their systems,but chose not to and only stole the documents stored on the compromised GoAnywhere MFT servers.Sociedad Elctrica Del Sur Oeste hit by cyberattack The Peruvian electricity supply company Sociedad Elctrica del Sur Oeste(SEAL)suffe
122、red a cyberattack on April 17.The company reported in a press release sent to local news outlets that some services and user data were not available until further notice.The expiration dates of electric service payments and other services were also suspended.According to SEALs General Manager,the at
123、tackers were seeking to steal information,however,the company had a security system that prevented it.The only thing they managed to obtain was access to the commercial part.The company reported that specialists were solving the problem in order to restore the service system.Manufacturing,power and
124、energy Data leakage 0-day vulnerability,GoAnywhere MFT,Ransomware Power and energy,utility Denial of IT services H1 2023 A BRIEF OVERVIEW OF MAIN INCIDENTS IN INDUSTRIAL CYBERSECURITY 18 2023 AO KASPERSKY LAB Siemens Energy hit by cyberattack Siemens Energy,a Munich-based energy technology company,o
125、fficially confirmed a MOVEit data-theft attack to several news outlets on June 27 after the Clop ransomware group added the company to its data leak website.The attackers exploited a zero-day vulnerability found in the MOVEit Transfer platform to gain unauthorized access to sensitive information.How
126、ever,Siemens Energy said that no critical data was stolen,and business operations were not impacted,according to a company spokesperson.The company took immediate action upon learning about the incident.Siemens Energy did not respond to follow-up questions from news outlets about what systems or dev
127、ices were affected and what data was stolen.Hep Global hit by cyberattack Hep Global,a German renewable energy company that manufactures and operates solar power parks worldwide,was hit by a cyberattack.According to a statement on its website,all potentially affected systems were taken offline as an
128、 immediate measure and to avoid possible damage to the customers.At the time of publication,the company was unable to say whether data had actually been accessed.The company worked with authorities and external experts and filed a complaint against unknown persons.On June 19,Hep Global issued an upd
129、ate saying that immediate measures and close cooperation with authorities and external IT security experts ensured business continuity and the investigation into the cyberattack was still ongoing.The Darkrace ransomware group has claimed responsibility for the Hep Global data breach,listing the comp
130、any as one of its victims.Manufacturing,power and energy 0-day,MOVEit MFT,Ransomware Manufacturing,renewable energy Data leakage Ransomware H1 2023 A BRIEF OVERVIEW OF MAIN INCIDENTS IN INDUSTRIAL CYBERSECURITY 19 2023 AO KASPERSKY LAB Electronics MKS Instruments hit by ransomware Chip equipment man
131、ufacturer MKS Instruments said it was hit by a ransomware attack on February 3 that affected business systems including production-related systems.The MKS website was still offline at the time of the announcement.MKS said it temporarily suspended operations at some of its facilities,as part of its c
132、ontainment efforts.The company reported the incident to law enforcement and was investigating the full extent of the costs and how much could be recovered through cyber insurance.The attackers encrypted business and manufacturing systems and may have stolen personal data,according to a filing with C
133、alifornia regulators.The attack impacted the companys ability to process orders,ship products,and provide service to customers in the companys Vacuum Solutions and Photonics Solutions Divisions.The attack would result in at least a$200 million hit to company revenue during the first quarter,the comp
134、any announced later in February.Prior to the incident,MKS Instruments expected to report about$1 billion in revenue.Micro-Star International hit by ransomware Taiwanese computer and electronics manufacturer MSI(short for Micro-Star International)confirmed on April 7 that its network was breached in
135、a cyberattack after the Money Message ransomware gang claimed to have infiltrated some MSI systems and stolen files.In a statement,MSI urged users“to obtain firmware/BIOS updates only from its official website,”and to avoid using files from other sources.MSI did not address the extent of the securit
136、y breach,nor what was stolen,stating only that it detected network anomalies,and its IT department activated relevant defense mechanisms and carried out recovery measures.The company said it reported the intrusion to government law enforcement agencies and cybersecurity units.It also stated that it
137、had returned to normal operations with no significant impact to its financials.ACER data theft Acer,a Taiwanese multinational hardware and electronics corporation,confirmed a data breach in one of its document servers after a hacker claimed to have stolen 160 GB of data from the company.Acer told Se
138、curityWeek in an emailed statement that it had detected an incident of unauthorized access to one of its document servers for repair technicians.While the investigation was ongoing,there was no indication that any consumer data was stored Manufacturing,electronics,chip equipment Denial of service,pr
139、oduction&shipment suspended,financial loss:$200M Ransomware Manufacturing,computer&electronics Data leakage Ransomware Manufacturing,computer&electronics Data leakage H1 2023 A BRIEF OVERVIEW OF MAIN INCIDENTS IN INDUSTRIAL CYBERSECURITY 20 2023 AO KASPERSKY LAB on that server.The cybercriminal clai
140、med the data was stolen in mid-February and the files included confidential slides,staff manuals,confidential product documentation,binary files,information on backend infrastructure,disk images,replacement digital product keys,and BIOS-related information.Western Digital hit by cyberattack On May 5
141、,US data storage manufacturer Western Digital released a statement acknowledging that a March cyberattack against its computer systems resulted in data theft.According to the statement,compromised data included names,addresses,phone numbers,and encrypted hashed passwords and partial payment card num
142、bers.Western Digital temporarily suspended access to its online store as a precautionary measure to secure its business operations.The company was aware that other alleged Western Digital information had been made public but didnt confirm the validity of this data.TechCrunch reported that an“unnamed
143、”hacking group breached Western Digital,claiming to have stolen 10 terabytes of data.While the threat actors claimed not to be part of the ALPHV ransomware operation,they used their data leak site to extort Western Digital.The threat actors released screenshots of stolen emails,documents,and applica
144、tions that showed they still had access to the companys network even after being detected.The hackers also claimed to have stolen an SAP Backoffice database containing customer information and shared a screenshot of what appears to be customers invoices.Lacroix Group hit by cyberattack Lacroix Group
145、,a multinational manufacturer of electronic equipment for the automotive,home automation,aerospace,industrial and health,and smart roads sectors and the management and operation of water and energy systems,announced that during the night of Friday,May 12,to Saturday,May 13,it was the victim of a tar
146、geted cyberattack.The cyberattacks affected the French,German and Tunisian sites.Measures were immediately taken to secure all the Groups other sites.Some local infrastructures were encrypted and an analysis was carried out to identify any exfiltrated data.On May 31,the company issued an update info
147、rming that it had partially resumed production at its electronics activity sites in Tunisia,France,and Germany as of May 17.Manufacturing,computer&electronics,data storage Data leakage,personal data leakage,privacy,denial of customer services Manufacturing,electronics Denial of IT systems,denial of
148、production H1 2023 A BRIEF OVERVIEW OF MAIN INCIDENTS IN INDUSTRIAL CYBERSECURITY 21 2023 AO KASPERSKY LAB Kinmax Technology data breach Taiwan Semiconductor Manufacturing Company(TSMC)confirmed to several news outlets on June 30 that it had experienced a data breach after being listed as a victim b
149、y the LockBit ransomware group on its dark web leak site.The group threatened to publish data stolen from the company but didnt provide any evidence of the data it had allegedly stolen.In a statement released to news outlets,a TSMC spokesperson confirmed that a data breach occurred due to cybersecur
150、ity incident at one of the companys IT hardware suppliers,named as Kinmax Technology,that led to a leak of information related to the initial server setup and configuration.According to the statement upon review,this incident did not affect TSMCs business operations,nor did it compromise any of TSMC
151、s customer information.After the incident,TSMC immediately terminated its data exchange with the affected supplier in accordance with the companys security protocols and standard operating procedures.Utility Acea hit by ransomware Acea,an Italian public holding company that provides energy and other
152、 services to the city of Rome,confirmed a cyberattack at the beginning of February,allegedly carried out by the Black Basta ransomware group.According to the companys statement,the attack didnt impact essential services provided to users(distribution of water and electricity)thanks to the prompt man
153、agement of the problem in collaboration with the relevant institutions,the National Cybersecurity Agency(Acn)and Cnaipic of the Postal Police.The companys internal IT services were involved in the necessary analysis and control activities.guas do Porto hit by ransomware guas e Energia do Porto,a wat
154、er utility in Portugal,stated on February 8 that it had been hit by a cyberattack,with its security team able to limit the damage.Public water supply and sanitation were not affected by the attack.As a result of the incident,some customer services were limited due to the companys restricted response
155、 capacity.The company was still able to process customer requests at in-person service desks,and it urged people to obtain virtual service tickets instead of standing in line.guas e Energia do Porto contacted both the Portuguese National Cybersecurity Center and the Judiciary Police for assistance w
156、ith the situation.The LockBit ransomware group took the responsibility for the attack.Manufacturing,electronics,semiconductors Data leakage Energy,utility Ransomware Water supply,utility Denial of web services Ransomware H1 2023 A BRIEF OVERVIEW OF MAIN INCIDENTS IN INDUSTRIAL CYBERSECURITY 22 2023
157、AO KASPERSKY LAB Puerto Rico Aqueduct and Sewer Authority hit by ransomware With the help of the FBI and US CISA,government-owned water company Puerto Rico Aqueduct and Sewer Authority(PRASA)investigated a cyberattack that was announced on March 19.The threat actors had access to customer and employ
158、ee information.The officials noted that the authoritys critical infrastructure was not affected by the incident due to network segmentation.PRASA planned to notify impacted customers and employees via breach notification letters.The Vice Society ransomware gang added the authority to the list of vic
159、tims on its Tor leak site.The ransomware gang leaked the passports,drivers licenses and other documents of the impacted individuals.Israeli irrigation systems hit by cyberattack The Jerusalem Post reported that a cyberattack blocked several controllers monitoring irrigation and wastewater treatment
160、systems in the Jordan Valley that are operated by the Galil Sewage Corporation.The companys experts spent the entire day restoring operations;at the time of the incident,the source of the attack was unclear.Local authorities were aware of the risk of a cyberattack and informed farmers in the region.
161、Some of the farmers disconnected their irrigation systems from the internet and switched them to manual operation.According to Jerusalem Post,the National Cyber Directorate warned of the risk of cyberattacks that anti-Israeli hackers could carry out against national infrastructure during the month o
162、f Ramadan,saying that they were monitoring spikes in phishing attacks,direct login attempts to various site CMSs and scans for vulnerabilities in the web sites,such as possible SQL injections.In April,private and government organizations in Israel were hit by massive cyberattacks that were part of t
163、he#OPIsrael campaign launched by hacktivists against Israels critical infrastructure.Alto Calore Servizi hit by cyberattack Italian water supplier,sewage and purification company Alto Calore Servizi SpA confirmed a cyberattack on April 28.It appears the distribution of water was not affected,but the
164、 company database seems to have been compromised according to a note on its website.On May 2,Medusa Locker claimed the cyberattack on its data leak site,sharing some files belonging to ACS.The group said it took customer data,contracts,minutes from board meetings,reports,pipe distribution informatio
165、n,expansion documents and more.Water supply,utility Data leakage,personal data leaked,privacy Ransomware Irrigation,wastewater treatment,utility Denial of OT systems,denial of operations Hacktivism Water supply,sewage and purification,utility Data leakage Ransomware H1 2023 A BRIEF OVERVIEW OF MAIN
166、INCIDENTS IN INDUSTRIAL CYBERSECURITY 23 2023 AO KASPERSKY LAB Logistics Wabtec hit by ransomware US rail and locomotive company Wabtec Corporation disclosed a data breach that exposed personal and sensitive information after the LockBit group had published samples of data stolen from Wabtec and eve
167、ntually leaked all stolen data on August 20,2022.In an announcement,Wabtec said that hackers breached their network and installed malware on specific systems as early as March 15,2022.On June 26,Wabtec detected unusual activity on their network leading to an investigation of the attack.On December 3
168、0,2022,Wabtec began notifying affected individuals,per relevant regulations,with a formal letter to let them know their data was involved.The affected information includes:first and last name,date of birth,non-US national ID number,non-US social insurance number or fiscal code,passport number,IP add
169、ress,employer identification number(EIN),and other data.Wabtec notified all applicable regulatory and data protection authorities,as required.DNV hit by ransomware Norwegian ship classification society DNV reported that it was a victim of a ransomware attack that occurred on January 7.As a result of
170、 the attack,the company took offline its ShipManager servers,as well as a marine fleet management software solution that supports the management of vessels and fleets in all technical,operational and compliance aspects.DNV estimated that the incident may had affected as many as 1000 vessels and impa
171、cted 70 customers.According to the news published by the organization,onboard software functionally continued to operate.The maritime software supplier launched an investigation into the incident with the help of global IT security partners.The company also reported the incident to the Norwegian aut
172、horities.FIEGE Logistics hit by ransomware Fiege Logistics based in Germany confirmed that it was the victim of a ransomware attack after the Lockbit 3.0 ransomware group had published stolen data on the dark web.Cybercriminals claim to have stolen 259 GB of the companys internal data.In comments to
173、 local media,the company said three locations in Italy were affected by the cyberattack and around 15%of the Italian business was affected.The affected IT systems were immediately isolated.The IT staff worked flat out to restore normal performance.The cyberdefense team worked closely with specialize
174、d and long-standing IT partners as well as law enforcement and data protection authorities.Transportation,logistics,railways Personal data leakage,privacy Ransomware Transportation,logistics,maritime Denial of service,supply chain/trusted partner Ransomware Logistics Data leakage,denial of IT servic
175、es Ransomware H1 2023 A BRIEF OVERVIEW OF MAIN INCIDENTS IN INDUSTRIAL CYBERSECURITY 24 2023 AO KASPERSKY LAB Vopak hit by ransomware Dutch tank storage company Royal Vopak N.V.fell victim to a ransomware attack.The company confirmed that there was an IT incident at Pengerang Independent Terminals(P
176、TSB)in Malaysia that resulted in the unauthorized access of some data.According to companys CEO,the cyberattack did not impact daily activities at that location or at other facilities around the world.Vopak was almost certainly attacked by the ALPHV/BlackCat ransomware group as the company was liste
177、d on its dark web site.Critical company information was allegedly stolen,including information about the companys tank infrastructure and systems.Food&beverages Grupo Nutresa hit by ransomware Grupo Nutresa,a leading processed food company in Colombia,disclosed a ransomware attack on April 20 that a
178、ffected its business process and product shipments.According to the company,once the event was detected,the protocol established by the company for this type of incident was activated to mitigate its potential impact.On April 24,the Lockbit group claimed responsibility for the cyberattack on the Nut
179、resa group and published internal documents several days later.Super Bock Group hit by cyberattack Super Bock Group,a brewery based in Portugal,was the target of a cyberattack that caused disruptions to computer services,limiting its normal operations.In a statement issued on LinkedIn,the company ad
180、ded that the situation caused major restrictions in its supply operation to the market for some of its products.The usual and necessary safety protocols were enacted by the company.It informed the relevant data authorities in Portugal and followed a contingency plan to resupply the market.No additio
181、nal details were given by Super Bock Group.Coca-Cola FEMSA hit by cyberattack Beverage company Coca-Cola FEMSA Mxico disclosed that it fell victim to a cyberattack.The company conducted a forensic investigation and simultaneously put its cybersecurity protection and response mechanisms in place to d
182、etermine the extent of the breach.The corporation did not Logistics,tank storage Data leakage Ransomware Food processing Data leakage,denial of product shipment Ransomware Manufacturing,food&beverage Denial of IT systems,denial of product shipment Manufacturing,beverage H1 2023 A BRIEF OVERVIEW OF M
183、AIN INCIDENTS IN INDUSTRIAL CYBERSECURITY 25 2023 AO KASPERSKY LAB elaborate on whether the event included a breach,the loss of data or passwords,or a breach of its networks.A statement to the Mexican Stock Exchange(BMV)said that“the company is working with experts on measures to avoid an adverse im
184、pact on its information technology applications.”Schwlbchen Molkerei hit by cyberattack German dairy products manufacturer Schwlbchen Molkerei Jakob Berz AG was hit by a cyberattack that affected some areas of its IT infrastructure,according to a statement obtained by local news outlets.As a result
185、of the attack,the companys availability was impaired.Ongoing production and logistics were not affected.Work was underway to fully restore the systems.It is unclear to what extent company data was obtained by unauthorized third parties.The company worked closely with security authorities and an exte
186、rnal IT security service provider.No further details were provided and the company didnt specify the type of attack.Oil&gas Encino Energy hit by ransomware Encino Energy,a US-based natural gas and oil producer,acknowledged a cyberattack when contacted by The Record after the BlackCat/ALPHV ransomwar
187、e group added the company to its data leak site on the dark web.An Encino Energy spokesperson didnt say whether the cyberattack was a ransomware incident,whether the company paid a ransom or whether it had examined the 400GB of data on BlackCat/ALPHVs site,but said there was no impact on the company
188、s operations,and the company continues to operate business as usual.Encino Energy was previously aware of unauthorized activity,investigated the action,and remediated the issue.Suncor Energy hit by cyberattack The Canadian oil company Suncor confirmed that a cyberattack was the cause of widespread o
189、utages that brought services to a halt on June 23.Customers reported problems logging in to the app and website for Petro-Canada,a gas station chain owned by Suncor.Employees told media that customers could only pay cash at a number of gas stations.According to the companys statement,it took measure
190、s to mitigate the attack and informed the authorities of the situation.Suncor expected transactions with customers and suppliers to be negatively impacted until the incident was resolved.The company did not provide any details about the type of cybersecurity incident and whether or not it was a rans
191、omware attack that affected its systems.Manufacturing,food&beverage Oil&gas Data leakage Ransomware Oil&gas Denial of customer services H1 2023 A BRIEF OVERVIEW OF MAIN INCIDENTS IN INDUSTRIAL CYBERSECURITY 26 2023 AO KASPERSKY LAB Shell hit by cyberattack Shell,the British oil and gas multinational
192、 headquartered in London,confirmed on June 15 that it had been impacted by the Clop ransomware gangs breach of the MOVEit file transfer tool after the group listed the company on its extortion site.In a press release the company stressed there was“no evidence of impact to Shells core IT systems”and
193、said their IT teams continued to investigate the incident.The company specified that this was not a ransomware event.The companys spokesperson commented that they were not communicating with the hackers.Shipbuilding Lrssen hit by ransomware German shipbuilder Lrssen confirmed on April 12 that it had
194、 fallen victim to a ransomware attack that occurred over the Easter holiday period.In coordination with internal and external experts,the company immediately initiated all necessary protective measures and informed the relevant authorities.The attack brought much of Lrssens shipyard operations to a
195、standstill,according to local news outlet Buten un Binnen,which first reported the incident.Fincantieri Marine Group hit by cyberattack US commercial and defense shipbuilder Fincantieri Marinette Marine acknowledged an alleged ransomware incident in a statement to USNI News and Green Bay Press-Gazet
196、te.The attack occurred on April 12 and affected its email server and some network operations and caused production delays.The statement indicated the companys network security officials immediately isolated systems and reported the incident to the relevant agencies and partners.Fincantieri Marine Gr
197、oup brought in additional resources to investigate and restore full functionality to the affected systems as quickly as possible.The company added that it had no evidence the incident compromised any employees personal information.Oil&gas 0-day,MOVEit MFT Ransomware Manufacturing,ship building Denia
198、l of operations Ransomware Manufacturing,ship building Denial of IT Systems,denial of production H1 2023 A BRIEF OVERVIEW OF MAIN INCIDENTS IN INDUSTRIAL CYBERSECURITY 27 2023 AO KASPERSKY LAB Brunswick Corporation hit by cyberattack The US-based manufacturer of boats and marine propulsion systems e
199、xperienced an IT security incident on June 13 that impacted some of its systems and global facilities.The company said it activated its response protocols,which include pausing operations in some locations,engaging leading security experts and coordinating with relevant law enforcement agencies.Brun
200、swick said it was working to address the incident in order to restore the full functionality of the affected systems and minimize impact on the business,employees and customers.In a press release issued on June 22,the company stated that it had made significant progress restoring the functionality o
201、f its systems and restarting operations at facilities where production or distribution was paused.All of Brunswicks primary global manufacturing facilities and most distribution facilities were operational,and the remaining production and distribution facilities were expected to resume operations wi
202、thin a few business days.Pharmaceutical Eisai hit by ransomware Japanese pharmaceutical company Eisai announced that it fell victim to a ransomware attack.Headquartered in Tokyo,the company has manufacturing facilities in Asia,Europe,and North America,and has subsidiaries on both American continents
203、,in Asia-Pacific,Africa,and Europe.The ransomware attack was identified on June 3,and resulted in the encryption of multiple servers.The attack impacted servers both in Japan and overseas,including logistics systems.The companys corporate websites and email systems remained operational.Eisai said it
204、 immediately implemented its incident response plan,which involved taking systems offline to contain the attack,and launched an investigation.Eisai Group immediately established a company-wide task force,and worked on recovery efforts with the advice of external experts and undertaking measures to u
205、nderstand the scope of the incident.Additionally,Eisai Group consulted with law enforcement.Eisai said it had to determine whether any data was compromised or stolen during the attack.Manufacturing,maritime,ship building Denial of operations&shipment:9 days Manufacturing,pharmaceutical Denial of IT
206、services,denial of logistics systems Ransomware H1 2023 A BRIEF OVERVIEW OF MAIN INCIDENTS IN INDUSTRIAL CYBERSECURITY 28 2023 AO KASPERSKY LAB Virbac hit by cyberattack French animal health pharmaceutical company Vibrac was the target of a cyberattack on several of its sites worldwide during the ni
207、ght of June 19-20,according to a statement on its website.As soon as the company became aware of the attack,it immediately took steps to contain it and set up a crisis unit including dedicated cybersecurity experts to assess the impact on the systems and organize remediation operations.As a result o
208、f this attack,the company experienced a slowdown or temporary interruption of some of its services.Vibrac didnt specify the type of attack and provided no further details.Metallurgy Badische Stahlwerke hit by cyberattack Badische Stahlwerke GmbH,a steel producer in Kehl,Germany,posted a message on i
209、ts website stating that unauthorized access to the companys network occurred on April 20.The company was working hard to fully and quickly investigate the incident.Employees were temporarily unavailable by email and landline phone while the affected systems were shut down and reviewed.According to a
report by the regional news portal, the attack was confirmed by the police in Offenburg and an investigation into the case was started.

Haynes International hit by cyberattack

US-based alloy manufacturer Haynes International began experiencing a network outage indicative of a cybersecurity incident on June 10, according to a press release. Upon detection of the incident, the company engaged third-party specialists to assist in investigating the source of the outage, determine its potential impact on the company's systems, and securely restore full functionality to the company's systems. Although “various aspects of Haynes International networks” were down while the retained specialists remediated the incident, all of the company's manufacturing operations were running with some operating inefficiencies. In addition, the company substantially restored its administrative, sales, financial, and customer service functions. Haynes did not provide any information on what caused the incident, but said its investigation and restoration efforts were still ongoing. The company said the response caused some delay in product shipments.

Manufacturing, pharmaceutical | Denial of IT services
Manufacturing, steel | Denial of IT systems
Manufacturing, metallurgy, alloys | Denial of IT systems, denial of shipment

Other

Military-defense. Solar Industries hit by ransomware

The parent company of a private defense ministry contractor and a manufacturer of defense equipment, Solar Industries Limited India, was allegedly compromised by the Windows Alphv ransomware (aka BlackCat), with the group releasing a number of documents on the dark web and claiming to have stolen 2TB of data. While the case wasn't officially confirmed by the organization, which declined to comment on it, it was confirmed by an unnamed government official. A case was also registered with Nagpur cyber police station on January 25, according to police officials. The website of the firm was down on January 29. According to local news sources, the hacker group penetrated
the Solar Group on January 21, followed by a ransom demand. The company didn't respond to the demand and immediately reported it to the Computer Emergency Response Team India (CERT-In).

Engineering. Vesuvius hit by ransomware

Vesuvius, a UK-based engineering company well known in the metals and ceramics market, announced a cyber-incident that led to a shutdown of its systems. The company worked with leading cybersecurity experts to support the investigations and identify the extent of the issue, including the impact on production and contract fulfilment. The company took steps to comply with all relevant regulatory obligations. The Vice Society ransomware gang claimed responsibility for the cyberattack against Vesuvius and published files that it stole from Vesuvius on the dark web.

Mining. Rio Tinto data breach

On April 5, Anglo-Australian mining corporation Rio Tinto Group confirmed to local news outlets that employee data stolen in a March cyberattack through third-party file transfer service GoAnywhere was posted on the dark web. On 23 March, Rio Tinto revealed a third-party cyberattack could have exposed the personal data of current and former Australian employees. The company initially told its staff that while threats had “been made by a cybercriminal group” to release data on the dark web, it was unsure whether the cybercriminal group actually possessed the stolen data. The Cl0p ransomware group claimed responsibility for the Rio Tinto data hack. It has updated its dark web page to include
a slew of Rio Tinto data.

Manufacturing, military-defense | Data leakage | Ransomware
Engineering, metal, ceramics | Denial of service | Ransomware
Mining | Data leakage, personal data leakage, privacy | GoAnywhere MFT vulnerability | Ransomware

Kaspersky Industrial Control Systems Cyber Emergency Response Team (Kaspersky ICS CERT) is a global Kaspersky project aimed at coordinating the efforts of automation system vendors, industrial facility owners and operators, and IT security researchers to protect industrial enterprises from cyberattacks. Kaspersky ICS CERT devotes its efforts primarily to identifying potential and existing threats that target industrial automation systems and the industrial internet of things.

Kaspersky ICS CERT ics-