August 24, 2022: Continental Auto Group Hit in Attack
German multinational automotive group Continental suffered a cyberattack back in August and while the company said it successfully avert the assault, a ransomware group is now threatening to divulge information it said it stole during the hack.
In an August 24 statement, Continental said “in a cyberattack, attackers infiltrated parts of Continental’s IT systems. The company detected the attack in early August and then averted it. Continental’s business activities have not been affected at any point. The technology company maintains full control over its IT systems. According to current information, the IT systems of third parties have not been affected.
“Immediately after the attack was discovered, Continental took all necessary defensive measures to restore the full integrity of its IT systems. With the support of external cybersecurity experts, the company is conducting an investigation into the incident. The investigation is ongoing."
August 8, 2022: BRP Suspends Operations Following Ransomware Attack
The Quebec-based company, which makes snowmobiles, personal watercraft and all-terrain vehicles, said it had been the target of “malicious computer activity” and had taken “immediate steps to contain the situation.” BRP (formerly Bombardier Recreational Products) said it has hired cybersecurity experts to help secure its systems and support an internal investigation. Suspending operations could delay some transactions with customers and vendors, BRP said.
BRP provided an update on the situation on August 15: "The Company confirms that the malware infiltration came through a third-party service provider. BRP believes that the impact of the cyberattack was limited to its internal systems." "The evidence collected so far allows BRP to believe that the impact of this incident from a data privacy perspective should be limited. "
January 11, 2022: 300 GB of Sensitive Data Breached at Large Swiss Car Dealer
One of Europe's biggest car dealers, Emil Frey, was hit with a ransomware attack last month, according to a statement from the company. The Swiss company showed up on the list of victims for the Hive ransomware on February 1 and confirmed that they were attacked in January. "We have restored and restarted our commercial activity already days after the incident on January 11, 2022," a spokesperson said, declining to answer more questions about whether customer information was accessed.
Luxury car maker Ferrari is denying that it was hit with a ransomware attack after a gang added the company to its list of victims this week. The ransomware group RansomEXX posted to its leak site claiming to have stolen 7 GB of data from the company. The stolen documents allegedly include contracts, invoices, internal company information, repair manuals and more.
In a statement to The Record on Tuesday, a Ferrari spokesperson said it was aware of reports that documents from the company have been leaked online but said it is not dealing with any kind of ransomware attack or cybersecurity incident.
Gedia Automotive Group headquarters in Attendorn fell victim to a cyberattack on January 21. Shutdown of all systems was enforced to prevent a complete IT infrastructure breakdown. The company confirmed the attack shortly after the Sodinokibi ransomware gang threatened to publish sensitive data.
An automotive supplier had its systems breached and files encrypted by three different ransomware gangs over two weeks in May, two of the attacks happening within just two hours. The attacks followed an initial breach of the company's systems by a likely initial access broker (IAB) in December 2021, who exploited a firewall misconfiguration to breach the domain controller server using a Remote Desktop Protocol (RDP) connection. After the initial compromise, LockBit, Hive, and ALPHV/BlackCat affiliates also gained access to the victim's network on April 20, May 1, and May 15, respectively.
While dual ransomware attacks are increasingly common, "this is the first incident we've seen where three separate ransomware actors used the same point of entry to attack a single organization," Sophos X-Ops incident responders said according to a report in Bleeping Computer.
October 24, 2021: Cyberattack Cost Eberspächer Automotive Supplier $60Million says CEO
The German supplier Eberspaecher Group fell victim to a large-scale cyberattack on October 24, 2021. To prevent the possible spread of the attack within the company and externally, the company shut down all networks and servers. Later reports stated that at this point, some of the data had already been tapped and encrypted. Stellantis, Volkswagen, Audi, BMW among the automakers that could be impacted.
UPDATE July 2022,: Automotive News reports that the company is finally eliminating the remaining effects from its 80 sites worldwide. The attack cost the company a “mid-double-digit million amount,” Eberspaecher CEO Martin Peters told journalists.
June 14, 2022: Nichirin-Flex U.S.A Hit in Ransomware Attack
Japanese automotive hose maker Nichirin Co. said a U.S. subsidiary suffered a ransomware attack June 14 forcing it shut down its computerized production controls.
The U.S. unit, Nichirin-Flex U.S.A, which supplies hoses to Japanese carmakers, switched to manual production and shipping in order to keep parts flowing to customers, it said in a release. The attack occurred June 14, and the company reacted as soon as it detected the unauthorized access on its network and moved operations into manual mode.
March 10, 2022: Auto Parts Supplier Suffers Ransomware Attack
Global automotive parts supplier Denso suffered a ransomware attack last week, company officials said.
The ransomware attack group was Pandora. Japan-based Denso officials said they detected unauthorized access using ransomware at Denso Automotive Deutschland GmbH, a group company that handles sales and engineering in Germany, on Thursday (March 10).
Denso “promptly responded,” spokeswoman Izumi Saito said Sunday in a published report. Eventhough the company is still reeling from the attack, it has not had an impact on operations, Saito said.
February 28, 2022: Kojima Industries, a Toyota Supplier, Suffers Cyberattack
Toyota will shut down production in Japan Tuesday because one of its domestic suppliers suffered a cyberattack, company officials said Monday.
Kojima Industries is the supplier hit in the attack and it provides plastic and other parts to Toyota.
The company will suspend 28 lines at 14 plants. Toyota subsidiaries Hino Motors and Daihatsu Motor will also halt operations at some plants in Japan on Tuesday. The automakers are still determining whether they will be able to return to normal operations after Wednesday.