Jaguar Land Rover has also become a target of a crippling cyberattack, which has compelled the largest carmaker in Britain to shut down its major manufacturing plants and grossly affected its retail business, becoming one of the biggest cybersecurity breaches to strike the automobile sector this year. A collective of English-speaking hackers has claimed the attack, which is associated with the many high-profile hacks of big retailers in the UK.
Hackers who are English-speaking say they did it
The Guardian reports that a group of English-speaking hackers associated with the Marks and Spencer cyber-attack has taken credit for an attack on Jaguar-Land Rover. One of the channels on the Telegram platform included a screenshot of what seemed to be the internal IT systems of the carmaker, and a news article about the hack.
The name of the Telegram channel is an amalgamation of three English language-speaking, or Western-based, hacking gangs named Scattered Spider, Lapsus, and ShinyHunters. The collective of teenage and twentysomethings known as Scattered Spider has been accused of attacks this year on British retailers M&S, Co-op, and Harrods.
Huge disruption of production throughout manufacturing sites
Monday saw the largest carmaker in Britain shut down production at major manufacturing and retailing facilities after acknowledging that a cyber-incident had severely disrupted its manufacturing and retailing operations. It said that it could not detect any evidence that it had stolen any customer data, but that it had proceeded to close its systems and that it had had to do it as quickly as it could in order to contain the damage.
JLR did not give any additional details on who had caused the incident, when it was realized, or how long it would be before it got back on its feet. According to sources in the Car industry, it had a serious impact on its suppliers, who supply its factories with parts regularly.
The suppliers lose a lot of money
Industry sources estimate that these suppliers would lose tens of millions of pounds in sales due to the discontinuation of production. The attack underscores the interdependence of the current automotive production processes, where just-in-time delivery networks expose the whole supply chain to cybercrime attacks. One of the personas on the Telegram group, known as Rey, is the same name as one of the members of Hellcat, the ransomware group that purported to have stolen data in JLR earlier this year, said a security researcher at UK-based cybersecurity company Sophos.
Hackers advance social engineering
Sinnott said they used social media and were interested in it. Lapsus was no exception, which is why the tactics used and their demographics were similar to the Scattered Spider collective. Talking about ShinyHunters and Scattered Spider, Sinnott said: “It is hard to organize them into a group since they are, in fact, people who interact online and engage through different tools, such as Telegram.
The JLR cyber-attack is amid the unstable state caused by the US tariffs and decreasing sales. The carmaker reported underlying pre-tax profit in the first half year to June was down by 49% to 351m, and this saw the firm suspend exports to the US temporarily. A National Crime Agency spokesperson said: We have heard of an incident that has hit Jaguar Land Rover, and we are working with partners to learn more about its impact.
The Jaguar Land Rover cyberattack is a milestone in the history of cyberattacks on critical manufacturing infrastructure, and it demonstrates how well-developed hacker groups can severely disorient essential industrial operations. The incident demonstrates the need to make certain that the quality of cybersecurity within the automobile industry is improved by any means, as business is becoming more reliant on online digital networks and supply chains.