This site has been deprecated in favor of https://attack.mitre.org and will remain in place until 11/1/22.

Loss of Productivity and Revenue

From attackics
Jump to navigation Jump to search

To visit this technique’s new page please go to and update your links to https://attack.mitre.org/techniques/T0828

Loss of Productivity and Revenue
Technique
ID T0828
Tactic Impact

Description

Adversaries may cause loss of productivity and revenue through disruption and even damage to the availability and integrity of control system operations, devices, and related processes. This technique may manifest as a direct effect of an ICS-targeting attack or tangentially, due to an IT-targeting attack against non-segregated environments.

In cases where these operations or services are brought to a halt, the loss of productivity may eventually present an impact for the end-users or consumers of products and services. The disrupted supply-chain may result in supply shortages and increased prices, among other consequences.

A ransomware attack on an Australian beverage company resulted in the shutdown of some manufacturing sites, including precautionary halts to protect key systems.1 The company announced the potential for temporary shortages of their products following the attack.12

In the 2021 Colonial Pipeline ransomware incident, the pipeline was unable to transport approximately 2.5 million barrels of fuel per day to the East Coast. 3


Procedure Examples

  • Several transportation organizations in Ukraine have suffered from being infected by Bad Rabbit, resulting in some computers becoming encrypted, according to media reports.4
  • A Conficker infection at a nuclear power plant forced the facility to shutdown and go through security procedures involved with such events, with its staff scanning computer systems and going through all the regular checks and motions before putting the plant back into production.5
  • EKANS infection resulted in a temporary production loss within a Honda manufacturing plant.6
  • While Norsk Hydro attempted to recover from a LockerGoga infection, most of its 160 manufacturing locations switched to manual (non-IT driven) operations. Manual operations can result in a loss of productivity.78
  • NotPetya disrupted manufacturing facilities supplying vaccines, resulting in a halt of production and the inability to meet demand for specific vaccines.9
  • The REvil malware gained access to an organization’s network and encrypted sensitive files used by OT equipment.10
  • An enterprise resource planning (ERP) manufacturing server was lost to the Ryuk attack. The manufacturing process had to rely on paper and existing orders to keep the shop floor open.11

Mitigations

  • Data Backup - Take and store data backups from end user systems and critical servers. Ensure backup and storage systems are hardened and kept separate from the corporate network to prevent compromise. Maintain and exercise incident response plans 12, including the management of "gold-copy" back-up images and configurations for key systems to enable quick recovery and response from adversarial activities that impact control, view, or availability.


References

  1. a b  Paganini, Pierluigi. (2020, June 14). Ransomware attack disrupts operations at Australian beverage company Lion. Retrieved October 8, 2021.
  2. ^  Lion Corporation. (2020, June 26). Lion Cyber incident update: 26 June 2020. Retrieved October 8, 2021.
  3. ^  Colonial Pipeline Company. (2021, May). Media Statement Update: Colonial Pipeline System Disruption. Retrieved October 8, 2021.
  4. ^  Marc-Etienne M.Léveillé. (2017, October 24). Bad Rabbit: Not‑Petya is back with improved ransomware. Retrieved October 27, 2019.
  5. ^  Catalin Cimpanu. (2016, April 26). Malware Shuts Down German Nuclear Power Plant on Chernobyl's 30th Anniversary. Retrieved October 14, 2019.
  6. ^  Davey Winder. (2020, June 10). Honda Hacked: Japanese Car Giant Confirms Cyber Attack On Global Operations. Retrieved April 12, 2021.
  1. ^  Kevin Beaumont. (n.d.). How Lockergoga took down Hydro — ransomware used in targeted attacks aimed at big business. Retrieved October 16, 2019.
  2. ^  Hydro. (n.d.). Retrieved October 16, 2019.
  3. ^  David Voreacos, Katherine Chinglinsky, Riley Griffin. (2019, December 03). Merck Cyberattack’s $1.3 Billion Question: Was It an Act of War?. Retrieved December 6, 2019.
  4. ^  Selena Larson, Camille Singleton. (2020, December). RANSOMWARE IN ICS ENVIRONMENTS. Retrieved April 12, 2021.
  5. ^  Kelly Jackson Higgins. (n.d.). How a Manufacturing Firm Recovered from a Devastating Ransomware Attack. Retrieved November 3, 2019.
  6. ^  Department of Homeland Security. (2009, October). Developing an Industrial Control Systems Cybersecurity Incident Response Capability. Retrieved September 17, 2020.



v · d · e
Adversary Techniques
Initial Access
Execution
Persistence
Evasion
Discovery
Lateral Movement
Collection
Inhibit Response Function
Impair Process Control
Impact


Retrieved from "https://collaborate.mitre.org/attackics/index.php?title=Technique/T0828&oldid=9597"