Cyberattacks on Industrial Organizations: A Growing Threat with Increased Visibility

Introduction

The second half of 2023 witnessed a surge in the number of cyberattacks targeting industrial organizations, reflecting the evolving threat landscape and the growing relevance of cybersecurity. These incidents varied in scale and severity but shared the ability to disrupt operations and inflict damage on victims. From ransomware attacks leading to temporary production halts to targeted assaults causing infrastructural consequences, the cases highlighted the diverse implications of cybersecurity failures for industrial enterprises. This article provides an overview of notable attacks that took place between July and December 2023, shedding light on the methods used by threat actors and the resultant ramifications.

Details of Incidents:

Wildeboer Bauteile GmbH & Co. KG

Wildeboer, a German component manufacturer, became a victim of a ransomware attack on July 14, leading to substantial disruptions to its IT and communication systems. The company was hesitant to pay the ransom demand and instead chose to commission an external IT forensics analysis to understand the attack while also working with law enforcement. The company confirmed that production was halted for almost a month, highlighting the attack's tangible impact on its operations.

TOMRA

Norwegian sorting machine manufacturer TOMRA suffered a comprehensive cyberattack impacting its data systems. The attack was discovered on July 16 and led to the affected systems being taken offline to contain the threat. Although most digital services remained operational, certain functionalities were affected. The company emphasized the importance of employee awareness, implementing training programs, and establishing defined incident recovery structures.

The Estee Lauder Companies Inc.

U.S.-based cosmetics manufacturer Estee Lauder reported on July 18, 2023, that an unauthorized third party had breached some of its systems. The company promptly shut down the affected systems and launched an investigation with the help of cybersecurity experts and law enforcement. The perpetrator gained access to some data, which prompted further analysis to determine the scope and nature of the breach. Estee Lauder implemented security measures and remedial efforts to restore impacted systems and services; the incident disrupted certain business operations.

Clorox

Chemical products manufacturer Clorox discovered unauthorized activity on some IT systems on August 14 and immediately enacted measures to contain the situation, including taking systems offline. The company collaborated with law enforcement to address the matter. As a result, Clorox faced disruptions to various aspects of its business operations, and the incident led to a decline in net sales of up to $356 million.

Kansai Nerolac Ltd.

Indian paint manufacturer Kansai Nerolac reported a ransomware incident affecting its systems on August 20. The company's swift response, including implementing precautions and protocols, helped mitigate the impact. Investigations with specialized security agencies are ongoing to determine the attack's extent and causes.

Somagic

French barbecue manufacturer Somagic was targeted by the Medusa hacker group on September 18, leading to the company's files being encrypted. The company subsequently discovered the breach, and the Medusa group claimed responsibility for the attack.

Wacoal Europe Co. Ltd.

Japanese lingerie manufacturer Wacoal's European subsidiary was hit by a cyberattack on September 19, impacting its ordering systems, websites, and phone systems. The company conducted a full-scale investigation and system improvement with the advice of external experts, working to address the disruptions to business activities.

Zaun Limited

British sports fencing and high-security perimeter protection systems manufacturer Zaun Limited was hit by the LockBit ransomware group on August 5-6, with the threat actors downloading approximately 10 GB of data. The company subsequently confirmed the breach and notified relevant agencies, including the National Cyber Security Centre and the Information Commissioner's Office.

Baccarat S.A.

French crystal goods manufacturer Baccarat was targeted in a cyberattack on September 27, leading to partial disruptions to its operations and the temporary suspension of online orders and deliveries. The company's statement clarified that customer personal and confidential data remained unaffected. On October 17, the Black Basta ransomware group added Baccarat to its list of victims, and on October 21, Baccarat issued a message claiming responsibility for the attack.

These cases underscore the growing importance of robust cybersecurity measures to protect industrial organizations from potentially devastating attacks. The increase in both the number and severity of such incidents calls for constant vigilance and comprehensive preparedness strategies. The threat actors used diverse methods and tactics, including ransomware, targeted assaults, and data breaches, so protecting critical infrastructure and operations requires a multifaceted approach to cybersecurity.