Jaguar Land Rover cyber attack keeps workers at home

Jaguar Land Rover (JLR) has told its car workers to stay away from the assembly lines until at least Tuesday, as a possible culprit for the recent cyber attack upon it becomes public.

According to The BBC, production remains halted at car factories in Halewood on Merseyside and Solihull in the West Midlands, as well as at its engine manufacturing centre in Wolverhampton.

The BBC also says the disruption extends beyond JLR, with its network of parts suppliers also forced to reduce operations. Some have complained of a lack of transparency from the company, according to the broadcaster.

A group of young Anglophone hackers who call themselves “Scattered Lapsus$ Hunters” have claimed responsibility for the attack, according to the BBC and other media outlets.

The group has boasted about the hack on Telegram, sharing screenshots seemingly taken from inside the carmaker’s IT networks. The same gang was responsible for a wave of cyber attacks this year on UK retailers including Marks and Spencer (M&S). The newly named group seems to consist of hackers who have been part of the groups Shiny Hunters, Lapsus$ and Scattered Spider.

Michael Reichstein, chief information security officer at cyber security firm Quontech, speculates on the possible mode of entry. “Given the alleged perpetrators (‘Scattered Lapsus$ Hunters’), the initial point of entry was almost certainly not a brute-force technical exploit against a firewall. These groups are masters of identity-based attacks and social engineering. Likely scenarios include phishing/vishing; MFA fatigue attack; credential theft.

“The key takeaway is that the ‘way in’ was likely through a person, not just a piece of technology. The attackers targeted a legitimate identity and then used that access to move through the network.”

George Glass, associate managing director of Cyber Threat Intelligence at Kroll, commented on the attack and its context: “As schools return to term time this September, it seems that cyber threat actors are also returning to business as usual.

“With groups such as Scattered Spider often comprised of teenage members, the summer is increasingly becoming a lull in cyber threat as hot weather and holidays distract. This year, arrests from the UK’s National Crime Agency are also likely to have put a dampener on the group’s activities.

“Phishing, social engineering and account compromise remain the most common routes of attack, while the size of targeted companies such as Harrods, M&S and Jaguar Land Rover show that no company is immune.

“The effects of a hack or data breach are table-stakes for businesses. Equally worrying, Scattered Spider and its contemporaries are also conducting personal attacks and even physical violence on key executives at their targets, a dangerous new dynamic for staff and businesses alike.”

Meanwhile, Jaguar Land Rover’s terse statement remains its only public comment.

“JLR has been impacted by a cyber incident,” it said. “We took immediate action to mitigate its impact by proactively shutting down our systems. We are now working at pace to restart our global applications in a controlled manner.  At this stage, there is no evidence any customer data has been stolen, but our retail and production activities have been severely disrupted.”

A National Cyber Security Centre (NCSC) spokesperson added: “We are working with Jaguar Land Rover to provide support in relation to an incident. All organisations are urged to make use of the NCSC’s free guidance, services and tools to help reduce the chances of a cyber attack and bolster their resilience in the face of online threats.”