Jaguar Land Rover Admits to Longer Shutdown as Childish Hackers Troll Carmaker

JLR woes worse than previously thought.

The iconic British brand today warned its business would stay stalled for even longer. And a loose confederation of threat actors, now calling itself Scattered Lapsus$ Hunters, has claimed responsibility for hacking the big car firm—via tedious Telegram trolling.

Yes, it’s those Salesforce vish kiddies again. In today’s SB Blogwatch, we drive the point home.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Vader/Luke rap battle.

JLR vs. SLH

What’s the craic? Sam Tabahriti and Pushkala Aripaka report: Stoppage from cyber attack stretches to three weeks

Financial impact of the stoppage
Britain’s largest carmaker, Jaguar Land Rover, said a pause in production due to a cyber attack would now stretch to September 24, … the company said on Tuesday, … extending the stoppage at its British plants to more than three weeks. … “We have taken this decision as our forensic investigation of the cyber incident continues, and as we consider the … restart of our global operations, which will take time,” JLR said.

It has told many of its 33,000 staff to stay at home. … There is concern about the financial impact … on JLR’s British supply chain, which includes many smaller companies and supports 104,000 jobs across the country.

Do we know who’s responsible yet? Sergiu Gatlan thinks so: Jaguar Land Rover extends shutdown after cyberattack

Scattered Lapsus$ Hunters
The British automaker has been working to resume operations … following a devastating cyberattack that impacted its systems at the end of August. … While the automaker confirmed the threat actors stole information from its network, it has yet to attribute the breach to a specific cybercrime group.

However, a group of cybercriminals identifying as “Scattered Lapsus$ Hunters” has taken responsibility for the cyberattack, posting screenshots of an internal JLR SAP system on a Telegram channel and stating that they’ve also deployed ransomware on the company’s compromised systems. This cybercrime group claims to consist of cybercriminals associated with the Scattered Spider, Lapsus$, and ShinyHunters extortion groups. Scattered Lapsus$ Hunters also claimed responsibility for recent Salesforce data theft attacks.

What can we learn? Bill McCluggage has puns of steel: Here’s how not to get taken for a ride

A significant undertaking
What makes JLR’s case noteworthy is its speed of response. The company quickly shut down IT across its distributed operations, presumably to prevent attackers from moving laterally through their system and causing wider damage. It was disruptive, no doubt, but in the face of a live attack, it was a bold and necessary call.

It’s not if an organization will be tested; it’s when. So, how can businesses … be better prepared?
— Act quickly: JLR’s swift action to isolate its systems likely limited the damage. …
— Diversify your tech stack: … Monocultures breed risk and … prohibitive switching costs. …
— Secure Active Directory: … Eliminate weak and legacy authentication, … implement robust monitoring. …
— Understand who has access: … Businesses need to know what apps have access to their data and why. …
— Zero trust model: … This is a significant undertaking, but it is a necessary one.

There are more questions than answers, still. As Non Exec exemplifies:

What was JLR’s spending on cybersecurity?
How far down the agenda did cybersecurity come at board meetings?
Did the cyber team report direct to the Audit Committee?
… Or were they hidden behind the IT department (with whom they would be conflicted)?

Is that fair? elsergiovolador blames outsourcing:

If you were ever weighing up whether outsourcing your IT was a good idea, Jaguar Land Rover has just published the best advert against it. Four weeks of shutdown, suppliers collapsing, hundreds of millions torched. For what?

Let’s just say it’s a question of budget priorities, eh? Here’s gweihir:

So, how is that cheap IT security working out? Because essentially [it] made it easy for the attackers. Attackers do not spend more effort than needed, because they have economic constraints (and skill constraints) too. I guess that “saved money” is getting very expensive now.

And how come JLR hasn’t managed to recover? Sam not the Viking sounds slightly sarcastic:

Well, this must be the point that their tried, tested and proven Disaster Recovery Plan is dusted off and implemented. If there isn’t one, and it doesn’t appear that there is, the directors … are clearly not the right people to re-start the business.

So, what’s next? sinij worries about connected cars:

Every JLR car after sometime 2020 is connected. … The logical next step [is] to push out ransomware OTA to all vehicles.

Meanwhile, good grief, it’s Goodgrief:

Imagine what will happen when autonomous driving software systems are hacked.

And Finally:

I find your lack of flow disturbing

CW: Spoilers, uncannies, off-color Ben beats.


You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites—so you don’t have to. Hate mail may be directed to @RiCHi, @richij, @[email protected], @richi.bsky.social or [email protected]. Ask your doctor before reading. Your mileage may vary. Past performance is no guarantee of future results. Do not stare into laser with remaining eye. E&OE. 30.

Image sauce: Carlos Ramirez