Gedia Automotive Group has been the victim of a cyber-attack by a gang using ransomware known as Sodinokibi.
The German automotive parts maker, which is based in Attendorn, supplies lightweight chassis parts to carmakers across the world from locations including Spain, Poland, Hungary, China and the US.
In an initial statement the company said that following the attack it had immediately shut down its systems to prevent a complete breakdown of IT infrastructure. It added that the shutdown had far reaching consequences for the entire Gedia group because all locations were connected to a central IT structure and that it may take months until processes were completely restored. However, Gedia also said that it had put in place an emergency plan to ensure material supply and deliveries to customers were maintained.
That statement has since been removed from the company website but was republished by ComputerWeekly.com. Gedia Automotive has not provided any follow up comment on how the cyber-attack is affecting its supply chain.
According to ComputerWeekly.com the group behind the attack specialises in exploiting known security weaknesses to access IT systems. It then encrypts sensitive data and demands a ransom payment to return access of the data to the company. The group involved in the attack on Gedia was reported to be selling 50GB-worth of sensitive information on two Russian hacking forums last week following Gedia’s refusal to pay the ransom.
There have been a number of similar attacks over recent years that have disrupted global supply chains. In 2017 alone Maersk, FedEx, Deutsche Bahn, Honda and Renault-Nissan were hit by costly cyber-attacks. Cosco Shipping lines was also attacked in 2018.
Carmakers and their parts or service suppliers now share data through various digital channels to make operations, including manufacturing and logistics, more efficient, but the increasingly complex level of interconnectedness supporting the industry also makes those companies vulnerable. At last year’s Automotive Supply Chain Conference in Atlanta, Klint Walker, cyber-security advisor at the US Department of Homeland Security (DHS), explained that each business has multiple channels of entry through which hackers can gain access to important information and exploit it to their gain through theft or ransomware. As Walker put it, the ‘attack surface’ is getting bigger all the time.
One of the main problems in making manufacturing operations and logistics networks secure is the need to marry information and operational technology that were never designed to work together because of their different lifecycles. New IT systems are typically introduced in three-to-five-year update cycles, while operational systems can be in place for 40 years or more.