{"id":5133,"date":"2025-10-01T02:14:20","date_gmt":"2025-10-01T02:14:20","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=5133"},"modified":"2025-10-01T02:14:20","modified_gmt":"2025-10-01T02:14:20","slug":"dont-drink-or-drive-say-cyberattackers","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=5133","title":{"rendered":"Don\u2019t drink or drive, say cyberattackers"},"content":{"rendered":"<div>\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<div class=\"container\"><\/div>\n<p>When cybercriminals can shut down both a luxury carmaker and a major beer producer in the same month, it\u2019s clear that no sector is safe from operational disruption.<\/p>\n<p>Jaguar Land Rover (JLR), now backed by emergency government funding, is preparing to <a href=\"https:\/\/media.jaguarlandrover.com\/news\/2025\/09\/statement-cyber-incident-6\" target=\"_blank\" rel=\"noopener\">resume production<\/a> after what\u2019s been called <a href=\"https:\/\/www.csoonline.com\/article\/4050298\/jaguar-land-rover-nach-cyberattacke-lahmgelegt.html\" target=\"_blank\" rel=\"noopener\">one of the UK\u2019s worst cyber incidents<\/a>. 
Meanwhile, Japanese brewer Asahi is grappling with a production halt due to a malicious cyberattack.<\/p>\n<p>Experts say the attackers\u2019 goal is no longer just about stealing sensitive data; threat actors are aiming for all-out paralysis of a business, resulting in tangible, real-world consequences.<\/p>\n<p>\u201cThese recent incidents exemplify how supply chain compromises are now being targeted in the critical manufacturing sector with an explicit goal of shutting down production, sales, or logistics until the target victim pays or folds,\u201d said <a href=\"https:\/\/www.infotech.com\/profiles\/erik-avakian\" target=\"_blank\" rel=\"noopener\">Erik Avakian<\/a>, a technical counselor at <a href=\"https:\/\/www.infotech.com\/\" target=\"_blank\" rel=\"noopener\">Info-Tech Research Group<\/a>.<\/p>\n<h2 class=\"wp-block-heading\">Protecting JLR\u2019s \u201cgreatly impacted\u201d supply chain<\/h2>\n<p>The attack on JLR began on August 31, prompting the company to <a href=\"https:\/\/media.jaguarlandrover.com\/news\/2025\/09\/statement-cyber-incident\" target=\"_blank\" rel=\"noopener\">pause production<\/a> the next day (September 1). Tens of thousands of workers have been temporarily laid off due to the attack, and the company is estimated to be losing <a href=\"https:\/\/www.bbc.com\/news\/articles\/cwyrqxj3eqqo\" target=\"_blank\" rel=\"noopener\">\u00a350 million ($67.3 million) a week<\/a>.<\/p>\n<p>The Scattered Lapsus$ Hunters group has claimed responsibility and is believed to have employed voice phishing (vishing) to trick employees into handing over system credentials.<\/p>\n<p>JLR is one of the UK\u2019s largest exporters and operates the biggest supply chain in the UK automotive sector, which employs around 120,000 workers.<\/p>\n<p>The company\u2019s supply chain has been \u201cgreatly impacted\u201d by the shutdown, prompting the UK government to float JLR \u00a31.5 billion ($2 billion) via a loan guarantee. 
The money comes from a commercial bank, and JLR is required to pay it back over five years. JLR has confirmed that it will restart car production in the \u201ccoming days\u201d thanks to the financial boost.<\/p>\n<p>\u201cThis cyberattack was not only an assault on an iconic British brand, but on our world-leading automotive sector and the men and women whose livelihoods depend on it,\u201d said UK Business and Trade Secretary Peter Kyle.<\/p>\n<p>JLR says it continues to \u201cwork around the clock\u201d with cybersecurity specialists, the UK Government\u2019s National Cyber Security Centre (NCSC), and law enforcement to ensure that the restart is completed in a \u201csafe and secure manner.\u201d<\/p>\n<h2 class=\"wp-block-heading\">Taps no longer flowing at Asahi<\/h2>\n<p>Meanwhile, Asahi Group Holdings this week announced a \u201c<a href=\"https:\/\/www.asahigroup-holdings.com\/en\/newsroom\/detail\/20250929-0202.html\" target=\"_blank\" rel=\"noopener\">system failure<\/a>\u201d caused by a cyberattack. The beer brewer has suspended order, shipment, and call center operations, including customer service desks, at group companies in Japan.<\/p>\n<p>Asahi said that, as of now, there has been \u201cno confirmed leakage\u201d of personal information or customer data. 
The company is actively investigating the cause and is working to restore operations, but has no estimated recovery timeline.<\/p>\n<h2 class=\"wp-block-heading\">Attacker \u2018feeding frenzy\u2019<\/h2>\n<p><a href=\"https:\/\/www.beauceronsecurity.com\/blog\/tag\/David+Shipley\" target=\"_blank\" rel=\"noopener\">David Shipley<\/a> of <a href=\"https:\/\/www.beauceronsecurity.com\/\" target=\"_blank\" rel=\"noopener\">Beauceron Security<\/a> called these incidents \u201csymptoms,\u201d rather than root causes, of cyber risk trends in manufacturing; it is essentially the \u201ccost of the global cybercrime tax\u201d and is what happens when companies declare \u201ccyber defense bankruptcy,\u201d he said.<\/p>\n<p>IT and security spending is being cut, causing organizations to \u201cfall off the threat treadmill, and injury results,\u201d he said. Firms are pouring capital investment into automation to make themselves more competitive, but that also makes them even more vulnerable to cyber disruption.<\/p>\n<p>\u201cThese organizations\u2019 defenses are being lowered at the worst possible time because they can\u2019t afford to keep them up,\u201d he said. \u201cThreat actors see the opportunity to hit these organizations, and there\u2019s a bit of a feeding frenzy happening now as they realize many firms are in the same situation as JLR.\u201d<\/p>\n<p><a href=\"https:\/\/www.linkedin.com\/in\/rogeragrimes\" target=\"_blank\" rel=\"noopener\">Roger Grimes<\/a>, CISO advisor at human risk management platform <a href=\"https:\/\/www.knowbe4.com\/\" target=\"_blank\" rel=\"noopener\">KnowBe4<\/a>, agreed that there is a concerning lack of cybersecurity investment. 
\u201cAfter over three decades of watching malicious hacking get worse and worse, I can\u2019t even imagine what \u2018tipping point event\u2019 would have to happen for the world to wake up and finally implement truly better cybersecurity,\u201d he said.<\/p>\n<h2 class=\"wp-block-heading\">Attackers still succeed with common attack methods<\/h2>\n<p>Although Asahi has not yet revealed how attackers penetrated its systems, JLR was the victim of a tried-and-true phishing attack.<\/p>\n<p>Threat actors continue to use phishing and spear phishing simply because they work, exploiting human psychology and error, Info-Tech\u2019s Avakian noted. When layered controls are not in place, \u201cone click on a malicious attachment is still really all it takes for a successful compromise, without the targeted user even knowing what has occurred.\u201d<\/p>\n<p>\u201cRansomware can be quite disruptive,\u201d agreed KnowBe4\u2019s Grimes. Between 70% and 90% of successful hacks involve social engineering, he claimed, yet companies aren\u2019t motivated to improve cybersecurity and human risk management.<\/p>\n<p>The same goes for patching; Google Mandiant has reported that unpatched software and firmware are involved in <a href=\"https:\/\/cloud.google.com\/blog\/topics\/threat-intelligence\/m-trends-2025\" target=\"_blank\" rel=\"noopener\">33% of successful hacks<\/a> (often blended with social engineering), he pointed out, yet companies still have thousands of unpatched elements across networks and critical infrastructure.<\/p>\n<p>Hackers continue to focus on unpatched VPNs, network security devices, and middleware, and perform privilege escalation through Active Directory modifications, Avakian noted. Further, they are increasingly exploiting third-party software supply chain compromises.<\/p>\n<p>Once they gain unauthorized access, attackers can hide their presence and cover their tracks, and wait patiently \u201cjust for the right time\u201d to further penetrate systems. 
\u201cSome groups sit for weeks to map the business, ensuring maximum disruption,\u201d he said.<\/p>\n<h2 class=\"wp-block-heading\">Enterprises need a multi-layered approach<\/h2>\n<p>Enterprises must adopt a robust, multi-layered approach to security controls, response, and cyber hygiene, and embrace zero trust where access is \u201cisolated, monitored, and revocable,\u201d said Avakian. Map ERP, logistics, warehouse, and other business-critical systems, he advised, and apply safeguards like micro-segmentation, privileged user management (PAM), and multi-factor authentication (MFA).<\/p>\n<p><a href=\"https:\/\/www.csoonline.com\/article\/4063708\/how-to-restructure-a-security-program.html\" target=\"_blank\" rel=\"noopener\">An \u201cassume breach\u201d mindset<\/a> is critical; this means conducting regular tabletop exercises, continuous monitoring, and threat hunting. Resilience also means reviewing incident response plans and playbooks, and employing air-gapped backups, said Avakian.<\/p>\n<p>\u201cAt the end of the day, attackers are still able to succeed because they can target the chokepoints in business operations and leverage ransomware\/extortion to force quick business decisions,\u201d he said.<\/p>\n<p>AI brings even more sophistication, he noted, allowing attackers to work at \u201ctremendous speed and scale,\u201d whether it\u2019s faster generation of phishes, scanning, or control weakness testing.<\/p>\n<p>In fact, Grimes estimates that by 2026, nearly all <a href=\"https:\/\/www.csoonline.com\/article\/4064158\/agentic-ai-in-it-security-where-expectations-meet-reality.html\" target=\"_blank\" rel=\"noopener\">hacking will be AI-enabled<\/a>. Organizations must meet hackers on this turf with the use of agentic AI-enabled cyber defense tools. 
\u201cGood actors\u2019 AI bots against bad actors\u2019 AI bots, and the best algorithms will win,\u201d he said.\u00a0<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>When cybercriminals can shut down both a luxury carmaker and a major beer producer in the same month, it\u2019s clear that no sector is safe from operational disruption. Jaguar Land Rover (JLR), now backed by emergency government funding, is preparing to resume production after what\u2019s been called one of the UK\u2019s worst cyber incidents. Meanwhile, [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":5134,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-5133","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/5133"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=5133"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/5133\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/5134"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=5133"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=5133"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2
Ftags&post=5133"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}