Production ground to a halt at French Renault factories over the weekend following the global spread of the ransomware, which demands Bitcoin payments in exchange for returning access to files. The virus infected computers in 150 countries and other victims included German rail network Deutsche Bahn and Nissan’s Wearside factory in Sunderland.
Speaking to Professional Engineering, a Nissan spokesman said it had been targeted but there was “no major impact” on the business. The spokesman has not yet responded to PE’s questions about what was impacted and why it was vulnerable.
Experts have said manufacturing companies worldwide need to act quickly to protect against the next WannaCry attack or a similar ransomware spread. “With the success of the initial infection of WannaCry, it wouldn’t be at all surprising to see the next iteration released soon,” said Gavin Millard from Tenable Network Security.
Organisations using Windows XP, Server 2003 and Windows 8 need to download the Microsoft MS17-010 patch, he added. “Although there has been a significant amount of interest in the media and inescapable coverage of the outbreak, many systems will still be lacking the MS17-010 patch required to mitigate the threat.”
Manufacturing companies are particularly vulnerable to cyber attacks because many use ageing “legacy” software, which has been connected to the internet and new devices, said Ross Brewer from security company LogRhythm. “The legacy control systems were never designed to attach to the internet… so by connecting them to internet protocol systems it means that they can be much more easily accessed and they have specific vulnerabilities that can be exploited,” he said.
Manufacturing companies are also not as “security-savvy” as others in financial or security markets, Brewer added. “They don’t think about cyber-security from a risk-to-reputation standpoint, and until something stops a manufacturing assembly line, it is classed as: ‘Well, it may happen to us but it hasn’t yet,’” he said. Machines often rely on old operating systems that can be exploited, but it is not immediately cost-effective for businesses to replace working equipment.
"Better understanding" needed
“There are thousands of control system components produced by all these control system manufacturers which don’t allow you to put anything on them from a security standpoint. They are closed systems and they… weren’t designed from the ground upwards with security in mind so there is a lot more vulnerability,” said Brewer.
Ageing equipment should be replaced when possible and manufacturers should also use security companies to monitor traffic and identify machines using risky protocols, he said, allowing them to create firewalls or other protection.
Senior decision makers and finance bosses need to have a better understanding of the risks from cyber attacks and how they could be affected, said Javvad Malik from security company AlienVault, in response to WannaCry’s impact on NHS computer systems. “Only then can decisions be made that can result in meaningful change,” he said.