In a recent cyberattack, the LockBit ransomware group targeted U.K.-based Zaun, a manufacturer of high-security perimeter fencing—revealing critical vulnerabilities in manufacturing networks.
LockBit, a well-documented threat actor, struck Zaun with a sophisticated attack on August 5-6. Zaun's cybersecurity systems managed to thwart the encryption of its servers, preventing further catastrophic damage.
However, LockBit did manage to exploit vulnerabilities, leading to unauthorized data access. Approximately 10 GB of data, equivalent to 0.74% of Zaun's stored data, was exposed during the breach.
The company shared the following statement:
"We are aware of an attack upon our servers by the LockBit Ransom group at the beginning of August. Our cyber-security systems closed the attack before they could encrypt any files on the server. However, it has become apparent that LockBit was able to download some data from our system which has now been published on the Dark Web.
LockBit will have potentially gained access to some historic emails, orders, drawings and project files; we do not believe that any classified documents were stored on the system or have been compromised. We are in contact with relevant agencies and will keep these updated as more information becomes available. This is an ongoing investigation and as such subject to further updates."
According to Zaun, the company has taken immediate measures to mitigate the attack on its systems and is collaborating with relevant agencies, including the National Cyber Security Centre (NCSC) and the Information Commissioner's Office (ICO).
LockBit's tactics and manufacturers' vulnerabilities
LockBit has been a prickly thorn in the side of many organizations over the last few years. According to a joint cybersecurity advisory from the FBI and CISA earlier this year, LockBit was the most used Ransomware-as-a-Service (RaaS) globally in 2022 and 2023.
In early July of this year, LockBit attacked the Port of Nagoya, Japan's largest cargo port, which handles a fair share of Toyota's exports and imports, and made a ransom demand in exchange for recovery of the port's computer system.
LockBit's choice of target reflects a keen understanding of the unique IT and OT challenges faced by manufacturers. Stephen Gates, Principal Security SME at Horizon3.ai, emphasized this in a statement to SecureWorld News:
"Today's attackers fully understand the disadvantages manufacturers face, especially in terms of their reliance on various computing systems, antiquated operating systems, commercial and custom-built applications, and lots of devices—some new and some incredibly old.
Many manufacturers likely have some older computers still in use that are running operating systems no longer supported. Although the older computers work just fine for the minimal tasks they perform, they can easily become an enabler of a successful breach."
This incident with Zaun underscores the importance of cybersecurity vigilance and the pressing need for manufacturers to update and secure their IT infrastructure in the face of evolving cyber threats.