Bridgestone Americas is continuing to investigate a cyberattack that disrupted operations at certain facilities and said it expects to return to normal operations within days.
The tire company, a subsidiary of Japan-based Bridgestone, said it was impacted by a “limited cyber incident” that forced it to pause operations at certain manufacturing locations.
Bridgestone Americas remains confident that it was able to contain the attack early on in the process and does not currently believe any customer data or interfaces were compromised, according to a spokesperson.
“Although some plants were impacted, we have been methodically returning them back to full operation without incident and expect this to be completed over the next few days,” the spokesperson told Cybersecurity Dive Monday.
The company’s top priority has been on maintaining business continuity and protecting data and interfaces, the spokesperson said. Bridgestone Americas is still conducting a forensic analysis of the attack and is “working diligently” to address any further issues related to it while meeting its customer obligations, according to the spokesperson.
The attack is the second major incident to impact the auto industry in recent weeks. Jaguar Land Rover last week disclosed an attack that “severely disrupted” its production facilities.
The British automaker was forced to proactively shut down systems and begin a process of a controlled restart of its global applications. The company last week said there was no evidence of customer data being stolen; however the company confirmed to Cybersecurity Dive that it was investigating a claim of responsibility.
In a Saturday update, Jaguar Land Rover said it was working diligently to restore operations in a controlled and safe manner. The company was working with law enforcement and third-party forensic specialists during the process.
A spokesperson for the U.K. Information Commissioner’s Office told Cybersecurity Dive the company had reported an incident and officials were assessing the information the firm provided.
The claim was linked to a group of hackers behind a series of social engineering attacks in the U.K., the U.S. and elsewhere; however, there appears to be some involvement of multiple criminal threat groups.
Researchers from Sophos told Cybersecurity Dive there is information posted on Telegram that includes claims from a combination of groups, including Scattered Spider, Lapsus$ and ShinyHunters.
One of the figures active in that channel is a hacker that operates under the name “Rey” and has also been linked to Hellcat, which claimed credit for a prior alleged hack targeting Jaguar Land Rover earlier this year, according to Sophos.
“These groups don’t operate with strict hierarchies; instead, they’re loose collectives of young, English-speaking hackers who share tactics and sometimes collaborate,” Alexandra Rose, director, Sophos CTU, told Cybersecurity Dive.
“Scattered Spider in particular, is less of a single organization than an umbrella term for this demographic, which often prioritizes notoriety as much as financial gain. That fluidity makes attribution messy.”
Source link
