The German company ThyssenKrupp AG yesterday announced that hackers had stolen technical trade secrets from its steel production and manufacturing plant design divisions, Reuters reports.
“ThyssenKrupp has become the target of a massive cyber attack,” the company said in a statement.
The company said the attack involved “organized, highly professional hacker activities,” and the hackers were located in southeast Asia.
The breach was discovered in April and traced back to February, Reuters reports. The company waited to announce the breach until all infected systems were identified and cleaned, and new safeguards were implemented.
According to Reuters, a cyber attack two years ago caused massive physical damage to an unidentified German steel plant. While media reports at the time identified the plant as belonging to ThyssenKrupp, the company denied it.
BitSight vice president Jake Olcott told eSecurity Planet by email that manufacturers hold some very sensitive trade secrets, both for themselves and for their customers. “As is becoming the case more and more, hackers are infiltrating third parties in the supply chain in order to obtain sensitive data,” he said. “This event should be a wake up call to anyone sharing sensitive information, including plans or IP, to have a thorough understanding of their partners’ cybersecurity performance.”
And Absolute Software global security strategist Richard Henderson said by email that manufacturing companies’ boards of directors need to make cyber security a top priority. “Attackers are not going to stop probing your infrastructure for cracks for even a moment,” he said. “Today’s news should be a wake up call for many companies: cyber thieves will come back to drink from the well again and again.”
A recent survey conducted by Deloitte and the Manufacturers Alliance for Productivity and Innovation (MAPI) found that almost 40 percent of manufacturing companies were affected by cyber incidents in the past 12 months, and 38 percent of those impacted said the breaches resulted in damages of more than $1 million.
“Manufacturers are innovating at an unprecedented rate, integrating cutting edge technologies in products, automating the shop floor, connecting supply chains, and increasingly investing in valuable intellectual property,” Deloitte & Touche vice chairman Trina Huelsman said in a statement. “While these advancements should position them for future growth, the industry is also likely to experience an acceleration in the velocity and sophistication of associated cyber threats.”
The top motives of cyber attacks, according those surveyed, were financial theft, intellectual property theft, and targeted attacks on senior executives for financial gain or access to company strategies or investments.
Seventy-six percent of companies surveyed transmit product data over Wi-Fi, and 52 percent said their connected products store and/or transmit confidential data, including Social Security and banking information.
“Cyber risk is a critical part of every manufacturing environment and demands attention from every employee, contractor, and business with whom a company interacts,” MAPI president and CEO Stephen Gold said in a statement. “The most effective approach will rely on more than the CIO or CISO by also engaging the board and C-suite. Company leadership needs to understand their comprehensive cyber risk profile to appropriately allocate resources to mitigate risk.”
