The Top 10 Manufacturing Industry Cyber Attacks


It’s no secret that the manufacturing industry has found itself in the crosshairs of threat actors in recent years. With a low tolerance for downtime, international operational footprints, and servers full of valuable information, these organizations represent riches for ransomware gangs and individual hackers alike.

In 2023, manufacturing was the third-most represented industry in Arctic Wolf® Incident Response (IR) ransomware engagements, and fourth-most represented in IR business email compromise (BEC) engagements. In addition to frequency, which has continued to rise year after year, the median cost of a manufacturing ransomware attack responded to by Arctic Wolf Incident Response is now $500,000 USD.
The industry is prone to attacks and attempted breaches for several reasons, including:

  • A rise in connected devices and organizations — an estimated 29 billion devices will be connected by 2030
  • Global supply chains which can allow an attack to spread between organizations
  • Legacy systems that may contain vulnerabilities and other security gaps
  • Industrial IoT devices that threat actors can target for industrial attacks

As the threat landscape continues to evolve, we’re looking at 10 manufacturing cyber attacks that highlight what’s at risk, and what threat actors are targeting, when it comes to this massive industry.

Arctic Wolf’s Top 10 Manufacturing Cyber Attacks

Clorox

Attack type: Unknown, but has indications of ransomware
Location: North America
Year: 2023
Cost: $356 million USD

This attack succeeded in disrupting operations of a major American goods manufacturer. According to an SEC filing by Clorox, the attack took many of its automated systems offline, including those by which large retailers such as Walmart and Target order products, highlighting how the breach of one organization can disrupt an entire supply chain.

While Clorox never confirmed if the attack was ransomware, the fallout, particularly the operational downtime, is consistent with other ransomware attacks. The breach also cost Clorox $356 million USD due to a 20% decline in sales, based on lower production volumes due to the attack. This is in addition to a steep drop in stock price and the $25 million Clorox spent securing their systems post-breach.

Norsk Hydro

Attack type: Ransomware
Location: Norway
Year: 2019
Cost: $70 million USD

After being hit by LockerGoga ransomware in 2019, Norsk Hydro, a multinational aluminum manufacturer with operations in 40 countries, was forced to close many of its plants and move others offline. The attack compromised the firm’s IT systems across multiple business functions, including the company’s smelting plants in Norway, Qatar, and Brazil, according to a Microsoft report. The organization chose not to pay the ransom, opting instead to shut down systems and operate manually for weeks, a decision which cost them around $70 million in business losses.

To gain initial access, the ransomware group had equipped an email attachment with a payload to launch a Trojan horse virus. While the virus was detected by antivirus days later, the threat actor had already gained access, and then deployed the ransomware.
In addition to Norsk Hydro, the LockerGoga attack also impacted Altran, a French consulting firm, as well as two U.S. chemical manufacturing firms, Hexion and Momentive.

Mondelez International

Attack type: Encrypting malware
Location: Based in Chicago
Year: 2017
Cost: $100 million USD

In 2017, Mondelez, a multinational food and beverage company, succumbed to an attack that leveraged the encrypting malware NotPetya — a virus used in a string of cyber attacks that year during an escalated conflict between Ukraine and Russia.

The attack permanently damaged 1,700 servers, 24,000 laptops, and impacted Mondelez production facilities around the globe, according to CSO Online. Mondelez says that the attack included the theft of thousands of user credentials and impacted the company’s ability to complete customer orders. Mondelez sued its insurance company, Zurich, due to the insurer’s decision not to pay an insurance claim. The insurer claimed the use of NotPetya was an act of war not covered under the policy.

The NotPetya attack also damaged operations at Maersk, which lost $300 million; at FedEx, which lost $400 million; and at Rosneft, a Russian oil company. According to statements made to WIRED magazine, the White House estimated that NotPetya generated $10 billion in damages during 2017, and to this day it is one of the most notorious and studied cyber attacks.


JBS

Attack type: Ransomware
Location: Australia and North America
Cost: $11 million USD
Year: 2021

Reportedly engineered by Russia’s REvil hacker collective, the ransomware attack on JBS — which produces a fifth of the world’s meat supply — halted meatpacking operations at multiple plants for upwards of five days in the U.S., Canada, and Australia. This attack disrupted meat production and distribution, depriving many non-union employees of several days’ wages.

It has not yet been disclosed how the hackers gained access to the JBS system, but in a statement JBS indicated that, while it was able to get most of its systems operational without REvil’s help, it chose to pay $11 million in ransom to keep the files safe. REvil was a Russian-based ransomware group that was caught and charged by international authorities in late 2021.

Brunswick Corporation

Attack type: Unknown
Location: Global
Year: 2023
Cost: $85 million USD

A billion-dollar boating manufacturing firm, Brunswick Corporation suffered a cyber attack in June 2023 that not only disrupted operations for 9 days but cost the organization $85 million.

In addition, the firm filed notice with the Massachusetts Attorney General’s Office that the breach compromised personal information of employees and customers, including names, mailing addresses, social security numbers, driver’s license numbers, payment card data, and health information.

Applied Materials

Attack type: Ransomware; Supply-chain
Location: United States
Year: 2023
Cost: $250 million USD

As a multi-billion-dollar organization which supplies semiconductor technology to a number of partners, Applied Materials is a good example of supply chain risk. It became the victim of a supply-chain ransomware attack in February 2023 that disrupted shipments. While not confirmed, it has been reported, according to Bloomberg, that MKS Instruments is the main victim from which this attack stems.

The cost of $250 million is said to be from lost sales in the second quarter of 2023, following the breach.

As organizations become more connected, especially in the manufacturing sector, these kinds of attacks have increased, as threat actors seek out weak points in the supply chain.

Simpson Manufacturing Company

Year: 2023
Type: Possible ransomware
Location: United States
Cost: Unknown

Simpson Manufacturing Company, a manufacturer of building materials, was the victim of a cyber attack in October 2023 that caused them to take systems offline, disrupting business operations. The systems remained down as of December 2023, highlighting the severe scope of the incident. While it’s unknown if the root cause was ransomware, it’s been reported that the incident response steps resemble those seen in ransomware attacks.

The disruption caused the public company’s stock to decline by 9.4% over a single month.

Toyota

Year: 2022 and 2023
Location: Global
Type: Ransomware
Cost: Unknown

Toyota has made headlines for multiple cyber attacks across 2022 and 2023, highlighting just how exposed large manufacturing organizations are to modern cybercriminals.

In 2022, the car manufacturer had to shut down 14 factories in Japan for over 24 hours after a virus infected a file server. The lost output equaled about 13,000 vehicles.

In December of 2023, Toyota Financial Services in Germany had to shut down systems after Medusa ransomware exfiltrated data, holding it for an $8 million USD ransom. Earlier in 2023, Toyota had to notify customers that two million customer records were exposed for over 10 years, which highlights ongoing issues the manufacturing organization has had with their internal data security.

Bridgestone Americas

Year: 2022
Location: North and Latin America
Type: Ransomware, from ransomware gang LockBit
Cost: Unknown

Bridgestone Americas, a global tiremaker, had their North American systems knocked offline by a ransomware attack in February of 2022. The organization had to shut down their manufacturing and retreading operations in both North America and Latin America for several days after LockBit infiltrated their operations and exfiltrated data.

While it’s unclear if Bridgestone paid LockBit’s desired ransom, the organization did send out notice that customer and employee data was compromised, including names, social security numbers, and bank account information.

This breach shows that while disruption is a nice by-product of many manufacturing cyber attacks, threat actors are often interested in valuable data, not the operations of an organization.

Johnson Controls

Year: 2023
Location: Asia
Type: Ransomware
Cost: $27 million USD

Johnson Controls, a multi-national manufacturer of industrial control systems, was the victim of a ransomware attack in fall of 2023, as their Asia offices were breached, causing a virus to spread across the organization.

The ransomware gang The Dark Angels took credit for the attack, and exfiltrated over 27 TB of data. They demanded an initial ransom of $51 million USD.

While the firm did not disclose whether they paid a ransom, they filed a disclaimer with the Securities and Exchange Commission (SEC), stating that the cost of remediating the attack totaled $27 million USD. The organization has said as of early 2024 that systems are restored, and while it admitted data was stolen, it has not said whether that data has been released on the dark web or compromised in another manner.

How To Protect Your Manufacturing Organization Against Cyber Threats

There is no singular tool or approach that will keep your manufacturing organization safe. Just as IoT devices speak to endpoints which connect to users across the globe who then transmit data up and down the supply chain, a comprehensive cybersecurity approach is as complicated as your operations, and should be one that considers every aspect of an organization’s environment and how each part interacts with another.

Some actionable steps a manufacturing company can take to further their security journey and protect their valuable data include:

1. Investing in 24×7 monitoring that offers broad visibility into your organization’s environment. You can’t protect what you can’t see, so implementing a tool that offers eyes on everything can go a long way in not only evaluating your own security architecture, but also taking fast action when an incident occurs.

2. Practicing strong identity security, including following zero trust guidelines and implementing multi-factor authentication (MFA). As organizations digitize, identities become the new firewalls, holding the credentials that can stop threat actors, or let them enter an environment with ease. By implementing strong identity and access management (IAM) and ensuring that your monitoring software includes identity threat detection and response capabilities (ITDR), your organization can harden your environment by protecting user identities.

3. Employing user awareness training to reduce human risk. You can harden identities through techniques and tools, but tools can’t stop an employee from clicking on a phishing email and opening the door to malware. By implementing security awareness training that offers relevant, industry-specific content, relies on micro-learning techniques, and works with compliance requirements, your business can reduce human risk while increasing resilience.

4. Working with a trusted cybersecurity partner. When it comes to reducing cyber risk, no organization can do it alone. By working with a security operations partner that’s well-versed in the threats, compliance, and security needs of your industry, and can help with detection, response, and risk management, your IT team can focus on what matters, knowing work is being continually done to harden your attack surface.

Learn how Arctic Wolf’s Managed Detection and Response was able to detect and stop a BEC attack on a manufacturing plant within minutes.

Explore the threat landscape in-depth and how manufacturing organizations are targeted with the 2024 Arctic Wolf Labs Threat Report.


Arctic Wolf
