Bespoke Cyber Simulation Drills for the Manufacturing Sector
Date: 11 April 2024
Manufacturing companies, with their complex supply chains and reliance on digital technologies, face very specific cybersecurity challenges today. From ransomware attacks disrupting production lines to data breaches exposing sensitive information, the consequences can be severe.
Further, with the integration of advanced technologies such as IoT, AI, and automation, the risk of cyber threats has increased significantly. It is imperative to understand these specific cybersecurity threats to the manufacturing sector while designing strategies for greater cyber resilience, including cyber attack tabletop exercises or cyber simulation drills.
Topics Covered:
1. Why are Cyber Tabletop Exercises so Important for the Manufacturing Sector?
2. How to create Tailored Cyber Attack Tabletop Exercise Scenarios for the Manufacturing Sector?
3. How to use knowledge of past attacks in the Manufacturing Sector for effective Cyber Drills?
4. Major cyber attacks on the Manufacturing Sector
Why are Cyber Crisis Tabletop Exercises Critical for the Manufacturing Sector?
In the manufacturing sector, a single cyber attack can derail production, bring supply chains to a halt and lead to damaging consequences for operations and profitability. It is imperative that organisations in this industry regularly test their cyber incident response capabilities with simulated cyber tabletop exercises.
Cyber attack tabletop exercises for the manufacturing sector not only build the muscle memory of the incident response teams and test the effectiveness of incident response plans, they also help identify:
- Specific technological vulnerabilities
- Insufficient security protocols
- Gaps in employee training
- Outdated software and hardware
For cyber drills in the manufacturing sector to be successful, they must address the unique risks and threats that the industry faces. The exercise must also have clearly defined objectives that lead to the desired outcomes: (a) improved decision making for cyber attacks, (b) improved communication and coordination between different departments, and (c) identification of vulnerabilities in the industrial control system and backup systems.
How to Tailor Cyber Tabletop Exercises for the Manufacturing Industry?
The word ‘bespoke’ isn’t just a fancy prefix we attach to Cyber Crisis Tabletop Exercises. At Cyber Management Alliance, we truly believe that Cyber Drills must be designed and curated specifically for the client’s business and industry. We go out of our way in the planning and preparation phase to understand the client’s operations, technological infrastructure, backups and industry-specific risks and threats.
Without paying sufficient attention to such details, the exercise will never truly reflect the actual incident response capability of the business.
If you’re organising a tabletop drill for your manufacturing business, be sure to keep the following key points in mind to get the most out of your exercise:
- Identifying Relevant Threat Scenarios for Manufacturing: Developing scenarios that are relevant and challenging is key. These should reflect the most probable and damaging cyber threats that a manufacturing business may face. Consider including cyber tabletop scenarios such as supply chain attacks, industrial control system compromises, a malware attack on production software, a data breach or intellectual property theft.
- Involving the Right Stakeholders: Involving a diverse group of stakeholders, from IT professionals to factory floor managers, ensures a comprehensive understanding of the potential impacts of cyber threats. Their insights can help in creating more realistic and effective exercises. This in turn will lead to better preparedness against possible attacks.
- Preparation for the Tabletop Exercise: In the preparation phase, ensure that all necessary resources and tools are available. This includes technical documentation, communication devices, and access to relevant systems. Training participants on the exercise's format and objectives can significantly improve its effectiveness. It also helps in building confidence and ensuring active engagement during the exercise.
- Scenario Execution: During the exercise, role-play the scenario in a realistic way. Focus on developing a layered scenario with important injects added over time. This tests the decision-making skills and response strategies of the participants better.
- Observing and Documenting Participant Responses: Observing and documenting how participants respond to different scenarios provides valuable insights. This data is crucial for post-exercise analysis and for identifying areas for improvement.
- Lessons Learned & Recommendations: Debriefing sessions immediately following the exercise are vital for discussing what went well and what didn’t. Feedback from participants can provide a different perspective and highlight unforeseen issues. It is also imperative to analyse the outcomes of the exercise to identify gaps in cyber security strategies and response plans. This analysis should be thorough and include recommendations for improvements. Compiling a comprehensive report that includes findings, analysis, and recommendations is a critical step. This report can guide future cybersecurity strategies and training programmes.
- Implementing Learnings: The learnings and recommendations from the cyber drill should be used to make strategic improvements in the organisation’s cybersecurity posture. This might involve updating policies, implementing new technologies, or changing operational procedures.
Learning from past Cyber Attacks on the Manufacturing Sector
Studying past cyber attacks on the manufacturing sector is vital for conducting effective cyber tabletop exercises. This historical analysis provides invaluable insights into the patterns, techniques, and impacts of real-world cyber threats specific to this industry.
By examining previous incidents, manufacturing businesses can identify common vulnerabilities and learn from the mistakes and successes of others. Such a retrospective approach enables the creation of more realistic and challenging scenarios for tabletop exercises for the manufacturing industry. This ensures that the drill doesn’t just impart knowledge in theory but is also highly practical.
Understanding past cyber incidents in the same industry is a critical step in safeguarding the manufacturing sector against evolving digital threats. We’ve compiled a list of the major attacks on the manufacturing sector in the next section. You could study the events, the threat actors, their impact and the organisational response to further fortify your own cyber defence strategy.
Major Cyber Attacks on Manufacturing Businesses
| Event Date | Company | Incident | Threat Actor | Impact | Source |
|---|---|---|---|---|---|
| February 26, 2024 | Steel producer ThyssenKrupp | Steel giant ThyssenKrupp confirms cyber attack on automotive division | Unknown | Steel giant ThyssenKrupp confirmed that hackers breached systems in its Automotive division, forcing them to shut down IT systems as part of its response and containment effort. | |
| February 8, 2024 | Hyundai Motor Europe | Hyundai Motor Europe hit by Black Basta ransomware attack | Black Basta Ransomware | Car maker Hyundai Motor Europe suffered a Black Basta ransomware attack, with the threat actors claiming to have stolen three terabytes of corporate data. An image shared by the threat actors described lists of folders that were allegedly stolen from numerous Windows domains, including those from KIA Europe. | |
| January 29 & February 13, 2024 | Energy company Schneider | Energy giant Schneider Electric hit by Cactus ransomware attack | Cactus Ransomware | The attack hit the company's Sustainability Business division, and disrupted some of Schneider Electric's Resource Advisor cloud platform. The Cactus ransomware gang claimed they stole 1.5 TB of data from Schneider Electric after breaching the company's network. 25 MB of the allegedly stolen data was also leaked on the operation's dark web leak site as proof of the threat actor's claims, together with snapshots showing several American citizens' passports and non-disclosure agreement document scans. | |
| December 27, 2023 | Panasonic Avionics Corporation | Panasonic discloses data breach after December 2022 cyber attack | Unknown | Panasonic Avionics Corporation disclosed a data breach affecting an undisclosed number of individuals after its corporate network was breached more than one year ago. | |
| December 26, 2023 | Yakult Australia | Yakult Australia confirms 'cyber incident' after 95 GB data leak | DragonForce | Yakult Australia confirmed experiencing a "cyber incident" in a statement to BleepingComputer as both the company's Australian and New Zealand IT systems were affected, and DragonForce, which claimed responsibility for the cyber attack, leaked 95 GB of data that it stated belongs to the company. | |
| December 05 and 22, 2023 | Nissan Australia | Nissan is investigating a cyber attack and potential data breach claimed by Akira Ransomware | Akira Ransomware | The attack may have let hackers access personal information. In a new entry added to the operation's data leak blog on December 22, Akira says that its operators allegedly stole around 100 GB of documents from the automaker's systems. | |
| December 12, 2023 & January 18, 2024 | Apparel giant VF Corp., the makers of Timberland, Vans, North Face, and Jansport | Apparel giant VF reports cyber attack on first day of SEC disclosure rule | Unknown | One of the biggest apparel companies in the world reported a “material” cyber attack to the U.S. SEC on the first day that a new cyber incident reporting rule went into effect. VF Corporation said it detected unauthorised activity on a portion of its information technology systems on December 13 and was forced to shut down some systems. In the latest update, the company said the cyber attack led to a breach of personal data of about 35.5 million consumers. | Reuters |
| December 6, 2023 | U.S. Navy contractor Austal USA | Navy contractor Austal USA confirms cyber attack after data leak | The Hunters International Ransomware Group | Austal USA, a shipbuilding company and a contractor for the U.S. Department of Defense (DoD) and the Department of Homeland Security (DHS), confirmed that it suffered a cyber attack and is currently investigating the impact of the incident. | |
| November 15, 2023 | Yamaha Motor | Yamaha Motor confirms ransomware attack on Philippines subsidiary | INC Ransom Gang | The threat actors added the company to their dark web leak site, and have since published multiple file archives with roughly 37 GB of allegedly stolen data containing employee ID info, backup files, and corporate and sales information, among others. | |
| October 27, 2023 | Morskate Manufacturing | CL0P Ransomware targets Morskate Manufacturing | CL0P Ransomware | Hackers hit IT systems and steal company data. | |
| October 27, 2023 | Boeing | Boeing assessing Lockbit hacking gang threat of sensitive data leak | Lockbit Ransomware | The Lockbit cybercrime gang claimed that it had "a tremendous amount" of sensitive data stolen from the aerospace giant that it would dump online if Boeing didn't pay the ransom. | |
| October 25, 2023 | Seiko | Seiko says ransomware attack exposed sensitive customer data | Black Cat Ransomware | Seiko confirmed that the incident has led to a data breach, exposing sensitive customer, partner, and personnel information. The company also confirmed that a total of 60,000 'items of personal data' held by its 'Group' (SGC), 'Watch' (SWC), and 'Instruments' (SII) departments were compromised by the attackers. | |
| October 11, 2023 | D-Link | D-Link confirms data breach after employee phishing attack | Succumb | Taiwanese networking equipment manufacturer D-Link confirmed a data breach linked to information stolen from its network and put up for sale on BreachForums. The attacker claimed to have stolen source code for D-Link's D-View network management software, along with millions of entries containing personal information of customers and employees, including details on the company's CEO. | |
| October 11, 2023 | Casio | Casio says customers in 148 countries affected by breach | Unknown | Casio said that an external cyber-attack was carried out against a database in the development environment for “ClassPad.net,” a web application managed and operated by Casio, and as a result, the personal information of some customers in and outside Japan, stored in the database, was accessed and leaked. Casio has confirmed that there is no evidence of any unauthorised intrusion into assets other than the database in the development environment. | |
| October 10, 2023 | Simpson Manufacturing | Simpson Manufacturing shuts down IT systems after cyber attack | Unknown | The company stated it detected IT problems and application outages. In response to the situation, Simpson took all impacted systems offline to prevent the attack's spread. | |
| September 27, 2023 | Building automation giant Johnson Controls | Building automation giant Johnson Controls hit by ransomware attack | Dark Angels Ransomware Gang | Johnson Controls International has suffered what is described as a massive ransomware attack that encrypted many of the company devices, including VMware ESXi servers, impacting the company’s and its subsidiaries’ operations. The threat actors claimed to have stolen over 27 TB of corporate data and encrypted the company's VMware ESXi virtual machines during the attack. | |
| September 26, 2023 | Sony | Sony investigates cyber attack as hackers fight over who's responsible | RansomedVC and MajorNelson (BreachForums name) | Sony said that it is investigating allegations of a cyber attack as different hackers have stepped up to claim responsibility for the purported hack. Claims of attacking Sony's systems were initially made by an extortion group called RansomedVC. This group claimed that it had breached Sony's networks and stolen 260 GB of data during the attack that they are attempting to sell for $2.5 million. But on the other side, MajorNelson (another group) leaked for free a 2.4 GB compressed archive, which contains 3.14 GB of uncompressed data that it claims belongs to Sony. | |
| September 13, 2023 | Airbus | Airbus investigates data leak allegedly involving thousands of suppliers | Threat actor using the moniker "USDoD" | Airbus said that it investigated a cybersecurity incident following reports that a hacker posted information on 3,200 of the company’s vendors to the dark web. The threat actor using the moniker "USDoD" posted on BreachForums that they obtained access to an Airbus web portal after compromising the account of a Turkish airline employee. | |
| September 6, 2023 | Fresh Taste Produce Limited | Ransomware attack on Fresh Taste Produce Limited | 8BASE ransomware group | Threat actors have added Fresh Taste Produce Limited (http://freshtasteproduce.com) to their victim list. They claim to have access to invoices, receipts, accounting documents, personal data, certificates, employment contracts, etc. | |
| August 27, 2023 | PurFoods, which conducts business in the U.S. as 'Mom's Meals' | Mom’s Meals discloses data breach impacting 1.2 million people | Unknown | PurFoods' investigation revealed that the company had been breached on January 16th, 2023, and tools commonly used to steal data were found on the network. A more in-depth investigation concluded on July 10th, 2023, confirming the hackers had accessed sensitive customer information. | |
| August 21, 2023 | Kansai Nerolac | Kansai Nerolac reports Ransomware Incident | Unknown | Kansai Nerolac Paints Limited on Sunday was the victim of a cyber-attack incident, the company announced through an exchange filing. The ransomware attack has affected a few IT systems. | |
| August 9, 2023 | Paracetamol maker Granules India | Paracetamol maker Granules India's Q1 profit hurt by cyber attack disruptions | Unknown | The maker of paracetamol and ibuprofen pain relievers reported a 62.5% fall in first-quarter profit in 2023, as a cyber security incident significantly disrupted operations. | |
| August 2, 2023 | Marine industry giant Brunswick Corporation | Marine industry giant Brunswick Corporation lost $85 million in cyberattack, CEO confirms | Unknown | A cybersecurity incident will cost the Brunswick Corporation as much as $85 million, the company’s CEO told investors last week. The billion-dollar boating manufacturing firm announced a cyberattack on June 13 that impacted their systems and some of their facilities. | |
| June 30, 2023 | Chip Maker TSMC | TSMC confirms data breach after LockBit cyber attack on third-party supplier | LockBit Ransomware Gang | Taiwan Semiconductor Manufacturing Company (TSMC), the world’s largest contract chipmaker, has confirmed it’s experienced a data breach after being listed as a victim by the LockBit ransomware gang. The Russia-linked LockBit ransomware gang listed TSMC on its dark web leak site, threatening to publish data stolen from the company, which commands 60% of the global foundry market. | |
| June 27, 2023 | Schneider Electric | Siemens Energy, Schneider Electric Targeted by Ransomware Group in MOVEit Attack | Cl0p Ransomware Gang | Germany-based Siemens Energy, a spinoff of Siemens’ energy business, and France-based automation and energy management giant Schneider Electric featured among the companies named as victims on the Cl0p site. | |
| June 21, 2023 | Snack food company Mondelez | Snack food company Mondelez warns employees of data theft | Unknown | Mondelez, the U.S. manufacturer of Oreo cookies and Milk chocolate, warned employees that their personal data had been compromised through a breach at the law firm Bryan Cave, which provides legal services to Mondelez and other Fortune 500 companies. | |
| June 1, 2023 | Toyota | Yet another Toyota cloud data breach jeopardizes thousands of customers | Unknown | Toyota Motor Corp. announced its discovery of yet another data breach — this time, two misconfigured cloud services were found leaking 260,000 car owners' personal information over a seven-year period. Customers' information such as names, phone numbers, email addresses, and vehicle registration numbers may have been externally accessible from October 2016 up until this June 2023. The car manufacturer stressed that no financial or vehicle location-related data was included in the breach. | |
| May 18, 2023 | Gentex Corporation | Gentex Corporation confirms ransomware attack | Dunghill Ransomware Group | TechTarget Editorial, apparently, received an email purportedly from a Dunghill operator claiming the group breached the Michigan-based technology and manufacturing company, Gentex Corporation. The email contained a link to a Tor site that allegedly contained 5 TB of sensitive corporate data, including emails, client documents and the personal data of 10,000 Gentex employees such as Social Security numbers. | |
| May 19, 2023 | The world's largest eyewear manufacturer, Luxottica | Luxottica confirms 2021 data breach after information of 70M leaks online | Unknown | A random tweet (from @AndreaDraghetti) highlighted a hacker forum's post saying: "In November 2022, a member of the now-defunct “Breached” hacker forum attempted to sell what he claimed to be a 2021 database containing 300 million records of personal information related to Luxottica customers in the United States and Canada." | |
| March 24, 2023 | Procter & Gamble | Procter & Gamble confirms data theft via GoAnywhere zero-day | Cl0p Ransomware | According to Procter & Gamble, the attackers didn't gain access to employees' financial or social security information, although they did manage to steal some of their data. | |
| March 21, 2023 | Ferrari | Ferrari says ransomware attack exposed customers’ personal data | Unknown | Italian supercar manufacturer Ferrari has confirmed it was hit by a ransomware attack that exposed customers’ personal information. Ferrari’s CEO said that the company has not paid the unnamed hackers’ ransom demand, saying that doing so “does not fundamentally change the data exposure.” | |
| March 18, 2023 | Hitachi Energy | Hitachi Energy Latest Victim of Cl0p GoAnywhere Attacks | Clop Ransomware | Hitachi Energy, a subsidiary of the Japanese tech giant, confirmed that the Cl0p ransomware group had exploited the flaw in Fortra's GoAnywhere file transfer software that could have resulted in unauthorized access to employee data in some countries. | |
| March 14, 2023 | Amazon's doorbell maker, Ring | Ring won’t say if it was hacked after ransomware gang claims attack | ALPHV Ransomware | A notorious ransomware gang is threatening to leak data allegedly involving Amazon-owned video surveillance company Ring. The ransomware group ALPHV listed the video doorbell maker Ring as a victim on its dark website. “There’s always an option to let us leak your data,” the Russia-linked group wrote alongside the listing, seen by TechCrunch. | |
| March 05, 2023 | Sun Pharma | Sun Pharma suffers IT breach, says core systems not affected | The ALPHV ransomware operation, aka BlackCat | The Company said that the incident’s effect on its IT systems included a breach of certain file systems and the theft of certain company data and personal data. As part of the containment measures, it proactively isolated its network and initiated the recovery process. As a result of these measures, the company’s business operations were apparently not impacted. | |
| February 22, 2023 | Food giant Dole | Cyber attack on food giant Dole temporarily shuts down North America production, company memo says | Unknown | A cyber attack forced produce giant Dole to temporarily shut down production plants in North America and halt food shipments to grocery stores, according to a company memo about the incident obtained by CNN. | |
| February 18, 2023 | MKS Instruments, Inc. | Confidential information leaked in ransomware attack at MKS Instruments, Inc. | Unknown | MKS Instruments, Inc. filed a data breach notice with the Montana Attorney General on February 16, 2023 after learning of a ransomware attack on the company’s computer network. According to the filing, an unauthorised party gained access to sensitive consumer information like first and last names, Social Security numbers, dates of birth, employment history, and financial account information. | |
| February 12, 2023 | B&G Foods | B&G Foods attacked by Daixin Team; files leaked | Daixin Team | The cyber attack allegedly resulted in the encryption of an estimated 1,000 hosts and the exfiltration of files that have now been leaked on Daixin’s dark web leak site. | |
| February 06, 2023 | Vesuvius, the LSE-listed molten metal flow engineering company | Hackers hit Vesuvius, UK engineering company shuts down affected systems | Unknown | Vesuvius plc, a global leader in molten metal flow engineering and technology, faced a cyber attack as the incident involved unauthorised access to its systems. | |
| February 02, 2023 | Teijin Automotive Technologies | Teijin Automotive Technologies files notice of data breach affecting over 25K employees | BlackCat Ransomware | The incident resulted in an unauthorised party gaining access to consumers’ names, addresses, dates of birth, Social Security numbers, health insurance policy information and banking information. | |
| January 26, 2023 | Matco Tools Corporation | Matco Tools Corporation files official notice of data breach affecting over 14k individuals | Unknown | The incident resulted in an unauthorized party gaining access to consumers’ names and Social Security numbers. | |
| January 17, 2023 | Nissan North America | Nissan North America data breach caused by vendor-exposed database | Unknown | Nissan North America has begun sending data breach notifications informing customers of a breach at a third-party service provider that exposed customer information. | |