#
Jaguar Land Rover Cyber Attack: Workers Told to Stay Home as Production Halted
A devastating cyber attack has brought Jaguar Land Rover's (JLR) car production to a grinding halt, leaving thousands of workers at home until further notice. The automotive giant has confirmed that its car factories in Halewood on Merseyside and Solihull in the West Midlands, as well as its engine manufacturing centre in Wolverhampton, remain closed until at least Tuesday.
The disruption extends beyond JLR, with its network of parts suppliers also forced to reduce operations. The impact is being felt far and wide, leaving many wondering how such a massive organization was breached so easily.
According to reports from The BBC, the cyber attack was carried out by a group of young Anglophone hackers who call themselves "Scattered Lapsus$ Hunters." This group has boasted about their hack on Telegram, sharing screenshots seemingly taken from inside JLR's IT networks. The same gang was responsible for a wave of cyber attacks this summer on UK retailers such as Marks and Spencer (M&S).
The newly named group seems to consist of hackers who have been part of other groups such as Shiny Hunters, Lapsus$, and Scattered Spider. These individuals are known for their expertise in identity-based attacks and social engineering. Michael Reichstein, chief information security officer at cyber security firm Quontech, has offered insight into the possible mode of entry.
"Given the alleged perpetrators ('Scattered Lapsus$ Hunters'), the initial point of entry was almost certainly not a brute-force technical exploit against a firewall," Reichstein explained. "These groups are masters of identity-based attacks and social engineering. Likely scenarios include phishing/vishing; MFA fatigue attack; credential theft."
The key takeaway is that the 'way in' was likely through a person, not just a piece of technology. The attackers targeted a legitimate identity and then used that access to move through the network.
As schools return to term time this September, it seems that cyber threat actors are also returning to business as usual. George Glass, associate managing director of Cyber Threat Intelligence at Kroll, warned: "With groups such as Scattered Spider often comprised of teenage members, the summer is increasingly becoming a lull in cyber threat as hot weather and holidays distract.
"This year, arrests from the UK's National Crime Agency are also likely to have put a dampener on the group's activities. Phishing, social engineering, and account compromise remain the most common routes of attack, while the size of targeted companies such as Harrods, M&S, and Jaguar Land Rover show that no company is immune.
"The effects of a hack or data breach are table-stakes for businesses," Glass added. "Equally worrying, Scattered Spider and its contemporaries are also conducting personal attacks and even physical violence on key executives at their targets, a dangerous new dynamic for staff and businesses alike."
Meanwhile, Jaguar Land Rover's terse statement remains its only public acknowledgment of the cyber attack. "JLR has been impacted by a cyber incident," it said. "We took immediate action to mitigate its impact by proactively shutting down our systems. We are now working at pace to restart our global applications in a controlled manner.
"At this stage, there is no evidence any customer data has been stolen, but our retail and production activities have been severely disrupted." A National Cyber Security Centre (NCSC) spokesperson added: "We are working with Jaguar Land Rover to provide support in relation to an incident. All organisations are urged to make use of the NCSC's free guidance, services, and tools to help reduce the chances of a cyber attack and bolster their resilience in the face of online threats."
As the situation continues to unfold, one thing is clear: no company is immune to the threat of cyber attacks.