Cyber attackers damage Jaguar Land Rover production

Jaguar Land Rover (JLR) has reported its production and retail operations have been significantly disrupted by a cyber attack.

As first reported in the Liverpool Echo, JLR workers at the company’s Halewood plant in Merseyside were told by email early on Monday morning not to come into work, with others sent home.

The company has issued a statement on its corporate web site: “JLR has been impacted by a cyber incident. We took immediate action to mitigate its impact by proactively shutting down our systems. We are now working at pace to restart our global applications in a controlled manner. At this stage, there is no evidence any customer data has been stolen but our retail and production activities have been severely disrupted.”

The BBC reports that the attack began on Sunday 31 August and comments that this comes at a significant time for UK car sales, since the latest batch of new registration plates became available on Monday 1 September.

It is not yet known who is responsible for the attack. It follows on the trail of other attacks this year on high-profile UK retailers, including Marks and Spencer, the Co-op and Harrods.

James Neilson, senior vice-president of international at cyber security platform supplier Opswat, commented on the JLR attack: “With operations becoming more digitised, especially with the merging of IT and OT [operational technology] zones, automotive companies are more vulnerable to cyber attacks.

“The attack has hit Jaguar Land Rover during one of their busiest times of the year – when new registration plates are launched. This type of situation gives attackers substantial leverage over their victims.

“Jaguar Land Rover confirmed that they shut down systems to mitigate the impact, which highlights the struggle organisations face in preventing attackers from spreading across their networks. This is why securing data flows between systems, employees and supply chains is critical. For any organisation, measures around access credentials, malware detection and data sanitisation are crucial in limiting the movement of attackers and protecting operational uptime.”

Mark Tibbs, from law firm Michcon, a partner within JLR’s cyber risk and complex investigations practice, said: “Jaguar Land Rover’s statement today on their cyber incident is yet another unwelcome reminder of the threats facing British brands.

“JLR’s swift action in proactively shutting down and working to restore systems, along with their transparent messaging, shows commendable crisis management. However, the severe disruption to retail and production activities highlights just how serious the impacts of cyber attacks can be.

“While the details of this latest attack have not been made public, it follows unconfirmed media reports from March that JLR was targeted by the Hellcat ransomware group. In that incident, attackers allegedly used stolen Atlassian Jira credentials, obtained by malware, to access internal systems and steal sensitive data.

“Recent media coverage has also indicated that the impact of the current incident has reached manufacturing, with staff at the Merseyside plant reportedly told to stay home while the company deals with the issues. This underlines the scale of disruption, with production activities halted.

“This could mean that the attack reached operational technology [OT] – the systems that operate manufacturing production. When faced with cyber attacks, companies may be forced to switch off OT systems as a precaution, to prevent the attack from spreading or causing physical damage.

“Alternatively, the disruption could be a result of IT systems being so interconnected with production processes that any shutdown has a direct knock-on effect on manufacturing. Either way, this will likely lead to delays, supply chain interruptions and challenges for deliveries to customers and retailers.”

JLR is owned by India-based Tata Motors, but both Jaguar and Land Rover are British brands going back to the 1930s and 1940s respectively.