March 27, 2019

$40m Hydro cyberattack losses were easily avoidable, cybersecurity expert claims

By Luke Christou

The recent Norsk Hydro cyberattack caused millions in losses, but could have been easily avoided, according to one cybersecurity expert.

Norsk Hydro has estimated that a recent cyberattack against the company cost at least 300m kroner ($41m).

The leading aluminium producer was hit by what it described as an “extensive” cyberattack earlier this month, which has since been revealed as a ransomware attack using a malware variant known as LockerGoga. The malware infects computer systems and encrypts files, rendering them unusable until a ransom is paid.

LockerGoga is frequently used in highly targeted attacks on businesses and is altered for each target. Each LockerGoga payload has been found to contain a unique reference number and information on its intended target. Most recently, French engineering consulting firm Altran was targeted, as were manufacturing companies Hexion and Momentive.

Hydro’s cybersecurity response praised

Hydro’s response to the incident has been praised by cybersecurity experts. The company has been transparent about the attack and the consequences suffered, describing the attack in detail via its blog and social media channels.

Likewise, its quick response to the incident and attempts to limit damage have also been noted. A potential security breach was first detected by the company’s systems at around midnight, and by 5am Hydro’s worldwide network had been completely shut off in order to stop the malicious file from spreading.

By shutting down its systems, the company was forced to switch many of its processes to manual operation.

Despite its energy, bauxite & alumina, primary metal and rolled products business areas having returned to normal, its extruded solutions division is still operating at a reduced production rate of 20-30%. Likewise, one of its divisions, which makes doors and windows, remains “at a standstill”.

While such a drastic response may have saved the business from further damage, the company has still suffered considerable losses as a result, which, according to one cybersecurity expert, could have been avoided.

Avoidable disruption

The rapid adoption of internet-connected technologies presents an abundance of new vulnerabilities for cybercriminals to exploit. Connecting these devices to a company system poses an immediate threat to operations and processes that, if attacked, could cause significant damage.

However, businesses are failing to minimise the threat that this poses to core business operations.

According to Chris Wysopal, CTO at application security firm Veracode, separating connected devices and technologies could reduce the risk and keep damage and cost down in the event of an attack. While a cyberattack may still occur, this would help to avoid the need to switch off important production systems.

“This [the Hydro cyberattack] is a great example of why employee workstations and other systems that need to connect to the internet need to be isolated from industrial systems,” Wysopal said. “The fact that [Hydro] felt the need to shut down some industrial systems means they didn’t feel the isolation was there or good enough.”
