Cyber Security Blog

Bespoke Cyber Simulation Drills for the Manufacturing Sector

Written by Aditi Uberoi | 11 April 2024

Manufacturing companies, with their complex supply chains and reliance on digital technologies, face very specific cybersecurity challenges today. From ransomware attacks disrupting production lines to data breaches exposing sensitive information, the consequences can be severe. 

Further, with the integration of advanced technologies such as IoT, AI, and automation, the risk of cyber threats has increased significantly. It is imperative to understand these specific cybersecurity threats to the manufacturing sector while designing strategies for greater cyber resilience, including cyber attack tabletop exercises or cyber simulation drills.

Topics Covered: 

1. Why are Cyber Tabletop Exercises so Important for the Manufacturing Sector?
2. How to create Tailored Cyber Attack Tabletop Exercise Scenarios for the Manufacturing Sector
3. How to use knowledge of past attacks in the Manufacturing Sector for effective Cyber Drills
4. Major cyber attacks on the Manufacturing Sector

Why are Cyber Crisis Tabletop Exercises Critical for the Manufacturing Sector? 

In the manufacturing sector, a single cyber attack can derail production, bring supply chains to a halt and lead to damaging consequences for operations and profitability. It is imperative that organisations in this industry regularly test their cyber incident response capabilities with simulated cyber tabletop exercises. 

Cyber attack tabletop exercises for the manufacturing sector not only build the muscle memory of the incident response teams and test the effectiveness of incident response plans, they also help identify:  

  1. Specific technological vulnerabilities 
  2. Insufficient security protocols 
  3. Gaps in employee training 
  4. Outdated software and hardware

In order for cyber drills in the manufacturing sector to be successful, they must address the unique risks and threats that the industry faces. The exercise must also have clearly defined objectives that lead to the desired outcomes: (a) improved decision making for cyber attacks, (b) improved communication and coordination between different departments, and (c) identification of vulnerabilities in the industrial control system and backup systems.

How to Tailor Cyber Tabletop Exercises for the Manufacturing Industry?  

The word ‘bespoke’ isn’t just a fancy prefix we attach to Cyber Crisis Tabletop Exercises. At Cyber Management Alliance, we truly believe that Cyber Drills must be designed and curated specifically for the client’s business and industry. We go out of our way in the planning and preparation phase to understand the client’s operations, technological infrastructure, backups and industry-specific risks and threats. 

Without paying sufficient attention to such details, the exercise will never truly reflect the actual incident response capability of the business. 

If you’re organising a tabletop drill for your manufacturing business, be sure to keep the following key points in mind to get the most out of your exercise: 

  1. Identifying Relevant Threat Scenarios for Manufacturing: Developing scenarios that are relevant and challenging is key. These should reflect the most probable and damaging cyber threats that a manufacturing business may face. Consider including cyber tabletop scenarios such as supply chain attacks, industrial control system compromises, a malware attack on production software, a data breach or intellectual property theft.

  2. Involving the Right Stakeholders: Involving a diverse group of stakeholders, from IT professionals to factory floor managers, ensures a comprehensive understanding of the potential impacts of cyber threats. Their insights can help in creating more realistic and effective exercises. This in turn will lead to better preparedness against possible attacks. 

  3. Preparation for the Tabletop Exercise: In the preparation phase, ensure that all necessary resources and tools are available. This includes technical documentation, communication devices, and access to relevant systems. Training participants on the exercise's format and objectives can significantly improve its effectiveness. It also helps in building confidence and ensuring active engagement during the exercise.

  4. Scenario Execution: During the exercise, role-play the scenario in a realistic way. Focus on developing a layered scenario with important injects added over time. This tests the decision-making skills and response strategies of the participants better.

  5. Observing and Documenting Participant Responses: Observing and documenting how participants respond to different scenarios provides valuable insights. This data is crucial for post-exercise analysis and for identifying areas for improvement. 

  6. Lessons Learned & Recommendations: Debriefing sessions immediately following the exercise are vital for discussing what went well and what didn’t. Feedback from participants can provide a different perspective and highlight unforeseen issues. It is also imperative to analyse the outcomes of the exercise to identify gaps in cyber security strategies and response plans. This analysis should be thorough and include recommendations for improvements. Compiling a comprehensive report that includes findings, analysis, and recommendations is a critical step. This report can guide future cybersecurity strategies and training programmes. 

  7. Implementing Learnings: The learnings and recommendations from the cyber drill should be used to make strategic improvements in the organisation’s cybersecurity posture. This might involve updating policies, implementing new technologies, or changing operational procedures. 


Learning from past Cyber Attacks on the Manufacturing Sector 

Studying past cyber attacks on the manufacturing sector is vital for conducting effective cyber tabletop exercises. This historical analysis provides invaluable insights into the patterns, techniques, and impacts of real-world cyber threats specific to this industry. 

By examining previous incidents, manufacturing businesses can identify common vulnerabilities and learn from the mistakes and successes of others. Such a retrospective approach enables the creation of more realistic and challenging scenarios for tabletop exercises for the manufacturing industry. This ensures that the drill doesn’t just impart knowledge in theory but is also highly practical. 

Understanding past cyber incidents in the same industry is a critical step in safeguarding the manufacturing sector against evolving digital threats. We’ve compiled a list of the major attacks on the manufacturing sector in the next section. You could study the events, the threat actors, their impact and the organisational response to further fortify your own cyber defence strategy. 


Major Cyber Attacks on Manufacturing Businesses

| Event Date | Company | Incident | Threat Actor | Impact | Source |
|---|---|---|---|---|---|
| February 26, 2024 | Steel producer ThyssenKrupp | Steel giant ThyssenKrupp confirms cyber attack on automotive division | Unknown | Steel giant ThyssenKrupp confirmed that hackers breached systems in its Automotive division, forcing it to shut down IT systems as part of its response and containment effort. | ThyssenKrupp Cyber Attack |
| February 8, 2024 | Hyundai Motor Europe | Hyundai Motor Europe hit by Black Basta ransomware attack | Black Basta Ransomware | Car maker Hyundai Motor Europe suffered a Black Basta ransomware attack, with the threat actors claiming to have stolen three terabytes of corporate data. An image shared by the threat actors described lists of folders that were allegedly stolen from numerous Windows domains, including those from KIA Europe. | Hyundai Motor Europe Ransomware Attack |
| January 29 & February 13, 2024 | Energy company Schneider | Energy giant Schneider Electric hit by Cactus ransomware attack | Cactus Ransomware | The attack hit the company's Sustainability Business division, and disrupted some of Schneider Electric's Resource Advisor cloud platform. The Cactus ransomware gang claimed they stole 1.5 TB of data from Schneider Electric after breaching the company's network. 25MB of the allegedly stolen data was also leaked on the operation's dark web leak site as proof of the threat actor's claims, together with snapshots showing several American citizens' passports and non-disclosure agreement document scans. | Schneider Ransomware Attack |
| December 27, 2023 | Panasonic Avionics Corporation | Panasonic discloses data breach after December 2022 cyber attack | Unknown | Panasonic Avionics Corporation disclosed a data breach affecting an undisclosed number of individuals after its corporate network was breached more than one year ago. | Panasonic Data Breach |
| December 26, 2023 | Yakult Australia | Yakult Australia confirms 'cyber incident' after 95 GB data leak | DragonForce | Yakult Australia confirmed experiencing a "cyber incident" in a statement to BleepingComputer, as both the company's Australian and New Zealand IT systems were affected. DragonForce, which claimed responsibility for the cyber attack, leaked 95 GB of data that it stated belongs to the company. | Yakult Australia Cyber Attack |
| December 05 and 22, 2023 | Nissan Australia | Nissan is investigating a cyber attack and potential data breach claimed by Akira Ransomware | Akira Ransomware | The attack may have let hackers access personal information. In a new entry added to the operation's data leak blog on December 22, Akira says that its operators allegedly stole around 100 GB of documents from the automaker's systems. | Nissan Australia Cyber Attack |
| December 12, 2023 & January 18, 2024 | Apparel giant VF Corp., the makers of Timberland, Vans, North Face, and Jansport | Apparel giant VF reports cyber attack on first day of SEC disclosure rule | Unknown | One of the biggest apparel companies in the world reported a “material” cyber attack to the U.S. SEC on the first day that a new cyber incident reporting rule went into effect. VF Corporation said it detected unauthorised activity on a portion of its information technology systems on December 13 and was forced to shut down some systems. In the latest update, the company said the cyber attack led to a breach of personal data of about 35.5 million consumers. | VF Corp Data Breach |
| December 6, 2023 | U.S. Navy contractor Austal USA | Navy contractor Austal USA confirms cyber attack after data leak | The Hunters International Ransomware Group | Austal USA, a shipbuilding company and a contractor for the U.S. Department of Defense (DoD) and the Department of Homeland Security (DHS), confirmed that it suffered a cyber attack and is currently investigating the impact of the incident. | Austal USA Cyber Attack |
| November 15, 2023 | Yamaha Motor | Yamaha Motor confirms ransomware attack on Philippines subsidiary | INC Ransom Gang | The threat actors added the company to their dark web leak site, and have since published multiple file archives with roughly 37 GB of allegedly stolen data containing employee ID info, backup files, and corporate and sales information, among others. | Yamaha Motor Ransomware Attack |
| October 27, 2023 | Morskate Manufacturing | CL0P Ransomware targets Morskate Manufacturing | CL0P Ransomware | Hackers hit IT systems and steal company data. | Morskate Ransomware Attack |
| October 27, 2023 | Boeing | Boeing assessing Lockbit hacking gang threat of sensitive data leak | Lockbit Ransomware | The Lockbit cybercrime gang claimed that it had "a tremendous amount" of sensitive data stolen from the aerospace giant that it would dump online if Boeing didn't pay the ransom. | Boeing Ransomware Attack |
| October 25, 2023 | Seiko | Seiko says ransomware attack exposed sensitive customer data | Black Cat Ransomware | Seiko confirmed that the incident has led to a data breach, exposing sensitive customer, partner, and personnel information. The company also confirmed that a total of 60,000 'items of personal data' held by its 'Group' (SGC), 'Watch' (SWC), and 'Instruments' (SII) departments were compromised by the attackers. | Seiko Ransomware Attack |
| October 11, 2023 | D-Link | D-Link confirms data breach after employee phishing attack | Succumb | Taiwanese networking equipment manufacturer D-Link confirmed a data breach linked to information stolen from its network and put up for sale on BreachForums. The attacker claimed to have stolen source code for D-Link's D-View network management software, along with millions of entries containing personal information of customers and employees, including details on the company's CEO. | D-Link Data Breach |
| October 11, 2023 | Casio | Casio says customers in 148 countries affected by breach | Unknown | Casio said that an external cyber-attack was carried out against a database in the development environment for “ClassPad.net,” a web application managed and operated by Casio, and as a result, the personal information of some customers in and outside Japan, stored in the database, was accessed and leaked. Casio has confirmed that there is no evidence of any unauthorised intrusion into assets other than the database in the development environment. | Casio Data Breach |
| October 10, 2023 | Simpson Manufacturing | Simpson Manufacturing shuts down IT systems after cyber attack | Unknown | The company stated it detected IT problems and application outages. In response to the situation, Simpson took all impacted systems offline to prevent the attack's spread. | Simpson Manufacturing Cyber Attack |
| September 27, 2023 | Building automation giant Johnson Controls | Building automation giant Johnson Controls hit by ransomware attack | Dark Angels Ransomware Gang | Johnson Controls International has suffered what is described as a massive ransomware attack that encrypted many of the company devices, including VMware ESXi servers, impacting the company’s and its subsidiaries’ operations. The threat actors claimed to have stolen over 27 TB of corporate data and encrypted the company's VMware ESXi virtual machines during the attack. | Johnson Controls Ransomware Attack |
| September 26, 2023 | Sony | Sony investigates cyber attack as hackers fight over who's responsible | RansomedVC and MajorNelson (BreachForums name) | Sony said that it is investigating allegations of a cyber attack as different hackers have stepped up to claim responsibility for the purported hack. Claims of attacking Sony's systems were initially made by an extortion group called RansomedVC. This group claimed that it had breached Sony's networks and stolen 260 GB of data during the attack that they are attempting to sell for $2.5 million. On the other hand, MajorNelson (another group) leaked for free a 2.4 GB compressed archive, which contains 3.14 GB of uncompressed data that it claims belongs to Sony. | Sony Cyber Attack |
| September 13, 2023 | Airbus | Airbus investigates data leak allegedly involving thousands of suppliers | Threat actor using the moniker "USDoD" | Airbus said that it investigated a cybersecurity incident following reports that a hacker posted information on 3,200 of the company’s vendors to the dark web. The threat actor using the moniker "USDoD" posted on BreachForums that they obtained access to an Airbus web portal after compromising the account of a Turkish airline employee. | Airbus Data Leak |
| September 6, 2023 | Fresh Taste Produce Limited | Ransomware attack on Fresh Taste Produce Limited | 8BASE ransomware group | Threat actors have added Fresh Taste Produce Limited (http://freshtasteproduce.com) to their victim list. They claim to have access to Invoice, Receipts, Accounting documents, Personal data, Certificates, Employment contracts, etc. | Fresh Taste Produce Cyber Attack |
| August 27, 2023 | PurFoods, which conducts business in the U.S. as 'Mom's Meals' | Mom’s Meals discloses data breach impacting 1.2 million people | Unknown | PurFoods' investigation revealed that the company had been breached on January 16th, 2023, and tools commonly used to steal data were found on the network. A more in-depth investigation concluded on July 10th, 2023, confirming the hackers had accessed sensitive customer information. | PurFoods Data Breach |
| August 21, 2023 | Kansai Nerolac | Kansai Nerolac reports Ransomware Incident | Unknown | Kansai Nerolac Paints Limited on Sunday was victim to a cyber-attack incident, the company announced through an exchange filing. The ransomware attack has affected a few IT systems. | Kansai Nerolac Ransomware Attack |
| August 9, 2023 | Paracetamol maker Granules India | Paracetamol maker Granules India's Q1 profit hurt by cyber attack disruptions | Unknown | The maker of paracetamol and ibuprofen pain relievers reported a 62.5% fall in first-quarter profit in 2023, as a cyber security incident significantly disrupted operations. | Granules India Cyber Attack |
| August 2, 2023 | Marine industry giant Brunswick Corporation | Marine industry giant Brunswick Corporation lost $85 million in cyberattack, CEO confirms | Unknown | A cybersecurity incident will cost the Brunswick Corporation as much as $85 million, the company’s CEO told investors last week. The billion-dollar boating manufacturing firm announced a cyberattack on June 13 that impacted their systems and some of their facilities. | Brunswick Corporation |
| June 30, 2023 | Chip Maker TSMC | TSMC confirms data breach after LockBit cyber attack on third-party supplier | LockBit Ransomware Gang | Taiwan Semiconductor Manufacturing Company (TSMC), the world’s largest contract chipmaker, has confirmed it’s experienced a data breach after being listed as a victim by the LockBit ransomware gang. The Russia-linked LockBit ransomware gang listed TSMC on its dark web leak site, threatening to publish data stolen from the company, which commands 60% of the global foundry market. | TSMC Ransomware Attack |
| June 27, 2023 | Schneider Electric | Siemens Energy, Schneider Electric Targeted by Ransomware Group in MOVEit Attack | Cl0p Ransomware Gang | Germany-based Siemens Energy, a spinoff of Siemens’ energy business, and France-based automation and energy management giant Schneider Electric featured among the companies named as victims on the Cl0p site. | Siemens and Schneider Ransomware Attack |
| June 21, 2023 | Snack food company Mondelez | Snack food company Mondelez warns employees of data theft | Unknown | Mondelez, the U.S. manufacturer of Oreo cookies and Milk chocolate, warned employees that their personal data had been compromised through a breach at the law firm Bryan Cave, which provides legal services to Mondelez and other Fortune 500 companies. | Mondelez Third-Party Data Breach |
| June 1, 2023 | Toyota | Yet another Toyota cloud data breach jeopardizes thousands of customers | Unknown | Toyota Motor Corp. announced its discovery of yet another data breach: this time, two misconfigured cloud services were found leaking 260,000 car owners' personal information over a seven-year period. Customers' information such as names, phone numbers, email addresses, and vehicle registration numbers may have been externally accessible from October 2016 up until this June 2023. The car manufacturer stressed that no financial or vehicle location-related data was included in the breach. | Toyota Cloud Data Breach |
| May 18, 2023 | Gentex Corporation | Gentex Corporation confirms ransomware attack | Dunghill Ransomware Group | TechTarget Editorial, apparently, received an email purportedly from a Dunghill operator claiming the group breached the Michigan-based technology and manufacturing company, Gentex Corporation. The email contained a link to a Tor site that allegedly contained 5 TB of sensitive corporate data, including emails, client documents and the personal data of 10,000 Gentex employees such as Social Security numbers. | Gentex Corporation Ransomware Attack |
| May 19, 2023 | The world's largest eyewear manufacturer, Luxottica | Luxottica confirms 2021 data breach after information of 70M leaks online | Unknown | A random tweet (from @AndreaDraghetti) highlighted a hacker forum's post saying: "In November 2022, a member of the now-defunct “Breached” hacker forum attempted to sell what he claimed to be a 2021 database containing 300 million records of personal information related to Luxottica customers in the United States and Canada." | Luxottica Data Breach |
| March 24, 2023 | Procter & Gamble | Procter & Gamble confirms data theft via GoAnywhere zero-day | Cl0p Ransomware | According to Procter & Gamble, the attackers didn't gain access to employees' financial or social security information, although they did manage to steal some of their data. | Procter & Gamble Data Theft |
| March 21, 2023 | Ferrari | Ferrari says ransomware attack exposed customers’ personal data | Unknown | Italian supercar manufacturer Ferrari has confirmed it was hit by a ransomware attack that exposed customers’ personal information. Ferrari’s CEO said that the company has not paid the unnamed hackers’ ransom demand, saying that doing so “does not fundamentally change the data exposure.” | Ferrari Ransomware Attack |
| March 18, 2023 | Hitachi Energy | Hitachi Energy Latest Victim of Cl0p GoAnywhere Attacks | Clop Ransomware | Hitachi Energy, a subsidiary of the Japanese tech giant, confirmed that the Cl0p ransomware group had exploited the flaw in Fortra's GoAnywhere file transfer software that could have resulted in unauthorized access to employee data in some countries. | Hitachi Energy GoAnywhere Attack |
| March 14, 2023 | Amazon's doorbell maker, Ring | Ring won’t say if it was hacked after ransomware gang claims attack | ALPHV Ransomware | A notorious ransomware gang is threatening to leak data allegedly involving Amazon-owned video surveillance company Ring. The ransomware group ALPHV listed the video doorbell maker Ring as a victim on its dark website. “There’s always an option to let us leak your data,” the Russia-linked group wrote alongside the listing, seen by TechCrunch. | Amazon Doorbell Manufacturer Ring Attack |
| March 05, 2023 | Sun Pharma | Sun Pharma suffers IT breach, says core systems not affected | The ALPHV ransomware operation, aka BlackCat | The Company said that the incident’s effect on its IT systems included a breach of certain file systems and the theft of certain company data and personal data. As part of the containment measures, it proactively isolated its network and initiated the recovery process. As a result of these measures, the company’s business operations were apparently not impacted. | Sun Pharma Ransomware Attack |
| February 22, 2023 | Food giant Dole | Cyber attack on food giant Dole temporarily shuts down North America production, company memo says | Unknown | A cyber attack forced produce giant Dole to temporarily shut down production plants in North America and halt food shipments to grocery stores, according to a company memo about the incident obtained by CNN. | Dole Cyber Attack |
| February 18, 2023 | MKS Instruments, Inc. | Confidential information leaked in ransomware attack at MKS Instruments, Inc. | Unknown | MKS Instruments, Inc. filed a data breach notice with the Montana Attorney General on February 16, 2023 after learning of a ransomware attack on the company’s computer network. According to the filing, an unauthorised party gained access to sensitive consumer information like first and last names, Social Security numbers, dates of birth, employment history, and financial account information. | MKS Instruments Ransomware Attack |
| February 12, 2023 | B&G Foods | B&G Foods attacked by Daixin Team; files leaked | Daixin Team | The cyber attack allegedly resulted in the encryption of an estimated 1,000 hosts and the exfiltration of files that have now been leaked on Daixin’s dark web leak site. | B&G Foods Cyber Attack |
| February 06, 2023 | Vesuvius, the LSE-listed molten metal flow engineering company | Hackers hit Vesuvius, UK engineering company shuts down affected systems | Unknown | Vesuvius plc, a global leader in molten metal flow engineering and technology, faced a cyber attack; the incident involved unauthorised access to its systems. | Vesuvius Cybersecurity Incident |
| February 02, 2023 | Teijin Automotive Technologies | Teijin Automotive Technologies files notice of data breach affecting over 25K employees | BlackCat Ransomware | The incident resulted in an unauthorised party gaining access to consumers’ names, addresses, dates of birth, Social Security numbers, health insurance policy information and banking information. | Teijin Automotive Data Breach |
| January 26, 2023 | Matco Tools Corporation | Matco Tools Corporation files official notice of data breach affecting over 14k individuals | Unknown | The incident resulted in an unauthorized party gaining access to consumers’ names and Social Security numbers. | Matco Tools Data Breach |
| January 17, 2023 | Nissan North America | Nissan North America data breach caused by vendor-exposed database | Unknown | Nissan North America has begun sending data breach notifications informing customers of a breach at a third-party service provider that exposed customer information. | Nissan North America Data Breach |
