On June 7, Belgium-based aircraft parts manufacturer ASCO Industries suffered a cyber attack which brought its production at four locations across Europe and North America to a standstill. The incident has been the most impactful cyber attack on a manufacturing company since the LockerGoga ransomware shut down operations at aluminum maker Norsk Hydro in March 2019, which caused over USD 40 million in financial damages. While it attempts to rebuild its infected IT systems, ASCO Industries has temporary dismissed about 1,000 employees at its headquarters near Brussels as well as at production facilities in Germany, Canada, and the U.S. The company initially estimated that its systems would be restored to baseline functionality by June 13, a deadline that was later extended to June 18.
No shortages reported despite week-long production outage
Unlike Norsk Hydro, ASCO Industries has yet to provide technical details on the attack, including the name and exact type of the cyber intrusion. The company issued its first statement on June 15 acknowledging the attack, but did not provide details on whether it paid a ransom or when it expected to resume full operations.
However, some important details have been disclosed in media reports: first, the removal of systems from internet accessibility indicates that the malicious infection may have been a ransomware attack. Second, no proprietary data appears to have been stolen which reduces the probability of a state-sponsored incident. And third, ASCO sought the help of an outside IT security provider to gradually rebuild its infected IT systems. This process started at the end of last week and is expected to make sufficient progress before employees will gradually resume operations on June 18.
However, it cannot be excluded that the process may take longer, as it took Norsk Hydro about 14 days to fully resume operations in an attack of similar scale and nature. Part of US-based Spirit AeroSystems, ASCO Industries produces precision components such as for the retraction and extension of flaps of aircraft wings to customers that include Airbus, Boeing, Bombardier, and Lockheed Martin.
Despite the one-week production outage, no supply shortages or impacts on production lines have so far been reported. However, should production lines continue to be disrupted for a second consecutive week, delivery delays and supply shortages are likely to occur, accelerating the search for potential alternative suppliers for such components and underlining the importance of adopting dual-source strategies for key suppliers.
Expect attacks on manufacturing companies to continue
The attack on ASCO Industries appears to be part of a series of attacks on manufacturing companies this year including on special vehicle maker Aebi Schmidt and chemical maker Hexion. These companies constitute an attractive target for cyber criminals as production outages via infected IT systems cause significant losses to the affected organizations. With such attacks generally yielding higher ransoms than in mass ransomware attacks on individuals, cyber resilience managers can expect further attacks to hit manufacturing companies, particularly those with vulnerable defence systems.
In the absence of visibility on the precise form of ransomware threat, customers engaged with and/or connected to ASCO Industries via IT interfaces should be aware of potential cyber risks to their own systems and perform a thorough due diligence to mitigate any potential intrusion. As an overall practice, those with supply chains exposed to 3rd party IT infrastructure should consult their supply chain managers and IT professionals to formulate the strongest possible defenses in anticipation of ransomware threats.