The recent Norsk Hydro cyberattack caused millions in losses, but could have been easily avoided, according to one cybersecurity expert.
Norsk Hydro has estimated that a recent cyberattack cost the company at least 300m kroner ($41m).
The leading aluminium producer was hit by what it described as an “extensive” cyberattack earlier this month, which has since been revealed as a ransomware attack using a malware variant known as LockerGoga. The malware infects computer systems and encrypts files, rendering them unusable until a ransom is paid.
LockerGoga is frequently used in highly targeted attacks on businesses and altered for each target. Each LockerGoga payload has been found to contain a unique reference number and information on its intended target. Most recently, French engineering consulting firm Altran was targeted, as were manufacturing companies Hexion and Momentive.
Hydro’s cybersecurity response praised
Hydro’s response to the incident has been praised by cybersecurity experts. The company has been transparent about the attack and the consequences suffered, describing the attack in detail via its blog and social media channels.
Likewise, its quick response to the incident and attempts to limit damage have also been noted. A potential security breach was first detected by the company’s systems at around midnight, and by 5am Hydro’s worldwide network had been completely shut off in order to stop the malicious file from spreading.
By shutting down its systems, the company was forced to switch many of its processes to manual operation.
Despite its energy, bauxite & alumina, primary metal and rolled products business areas having returned to normal, its extruded solutions division is still operating at a reduced production rate of 20-30%. Likewise, one of its divisions, which makes doors and windows, remains “at a standstill”.
While such a drastic response may have saved the business from further damage, the company has still suffered considerable losses as a result, which, according to one cybersecurity expert, could have been avoided.
The rapid adoption of internet-connected technologies presents an abundance of new vulnerabilities for cybercriminals to exploit. Connecting these devices to a company system poses an immediate threat to operations and processes that, if attacked, could cause significant damage.
However, businesses are failing to minimise the threat that this poses to core business operations.
According to Chris Wysopal, CTO at application security firm Veracode, separating connected devices and technologies could reduce the risk and keep damage and cost down in the event of an attack. While a cyberattack may still occur, this would help to avoid the need to switch off important production systems.
“This [the Hydro cyberattack] is a great example of why employee workstations and other systems that need to connect to the internet need to be isolated from industrial systems,” Wysopal said. “The fact that [Hydro] felt the need to shut down some industrial systems means they didn’t feel the isolation was there or good enough.”