Norwegian aluminium producer hit by ‘extensive’ cyber attack

One of the world’s largest aluminium producers, Norsk Hydro, has been hit by an “extensive cyber attack” affecting operations in several business areas, the company said in a statement.

The attack in the early hours of 19 March 2019 affected IT systems in “most business areas”, according to the notice issued to meet disclosure requirements of the Norwegian Securities Trading Act.

“Hydro is switching to manual operations as far as possible. Hydro is working to contain and neutralise the attack, but does not yet know the full extent of the situation,” the company said.

Norsk Hydro’s operations across Europe and the US have been affected, and investor concerns have been reflected in a 2.9% drop in the company’s share value, reports Reuters.

The cyber attack coincides with the recent appointment of a new chief executive officer to oversee operations from 8 May, according to Bloomberg.

Perhaps more significantly, the attack also coincides with the company’s efforts to restore production at its Alunorte plant in Brazil, amid claims of environmental damages by emissions of untreated water after flooding.

While Norsk Hydro has provided no details about the attack as it carries out its initial investigation, the claim of environmental damage in Brazil could indicate a motive.

Cyber attacks have been used in the past to punish companies that have angered activist groups or to draw attention to a particular issue or cause.

Commonly known as hacktivists, these cyber attackers are typically individuals, but can also be groups that operate in coordinated efforts, such as Anonymous or LulzSec. 

The attack comes amid growing concern in the security industry around the vulnerability of operational technology (OT) to cyber attack in the light of increasing IT/OT convergence.

OT, commonly found in the manufacturing sector, is vulnerable to cyber attack mainly due to increased connectivity to the internet and corporate information technology (IT) systems for remote maintenance,  monitoring and analysis, despite the fact that most OT was not originally designed to be connected to external systems and lacks the necessary security controls.

In recent years, the spotlight has fallen particularly on security concerns around cyber attacks by nation states or nation state backed groups on industrial control systems that form part of OT, particularly in manufacturing, oil, gas and power firms.

Almost 40% of industrial control systems (ICS) faced attacks in the second half of 2017, but industrial and energy firms are finding these systems difficult to secure, according to a report by Kaspersky Lab in August 2018.

Understaffing, underinvestment and the human factor are the top three challenges to keeping industrial networks secure, the security firm’s State of industrial cybersecurity 2018 survey revealed.

“Whilst we have few details, it is clear from the reported production outages that Norsk Hydro are suffering impacts on their industrial systems, as a result of its IT systems being affected,” said Max Heinemeyer, director of threat hunting at British artificial intelligence (AI)-based cyber security firm Darktrace.

The widespread nature of the compromise, he said, points to a snowball-effect, where a systematic vulnerability can result in mass operational disruption as was seen with WannaCry.

“This news will serve as a wake-up call to the manufacturing industry. Production plants are digital jungles and industrial security can no longer be seen as separate to IT security.

“Defenders of industrial control systems need technologies like AI that allow them to gain visibility across their entire digital infrastructure and thwart threats emerging anywhere from traditional servers to smart monitoring systems.”