Scania admits leak of data after extortion attempt
Swedish trucking giant Scania has confirmed the hack of a third-party website leaked 34,000 files, but says the impact is so far “very limited.”
Last week, a hacker claimed to have breached an insurance subdomain at Scania’s website, claiming to have accessed and exfiltrated 34,000 files – which were then offered for sale on the dark web.
The website that was impacted is part of Scania Corporate Insurance services, and Scania told media that the site is operated by a third-party, adding that “current indications suggest the impact is very limited.” The hacker reportedly attempted to extort the company and its employees before listing the data for sale online.
The attack comes amid a rise in ransomware, which could be worse if companies are quietly paying out without reporting such incidents. Manufacturing companies, including the automotive sector, are increasingly becoming victims, with Tata Technologies hit by a ransomware attack earlier this year that forced systems offline, and Toyota hit five times in two years.
“Criminals continue to target the automotive industry due to its profitability through the vast amounts of sensitive data it holds,” said Andrew Lintell, General Manager for EMEA at Claroty.
What happened
The company told the BleepingComputer security site that the hackers used credentials stolen using malware to access the insurance claim documents at the end of May, and later emailed Scania employees with ransom demands under threat of leaking the data, before listing it for sale online.
“We can confirm there has been a security-related incident in the application “insurance.scania.com“, the application is provided by an external IT partner,” a Scania spokesperson said in a statement supplied to the publication. “On the 28th and 29th of May, a perpetrator used credentials for a legitimate external user to gain access to a system used for insurance purposes; our current assumption is that the credentials used by the perpetrator were leaked by a password stealer malware.”
The statement added: “Using the compromised account, documents related to insurance claims were downloaded.”
According to the statement, the extortion emails arrived the next day to “a number of Scanio employees” with threats to disclose the data. “A follow-up email with similar content came later from an unrelated third party whose email had been compromised,” the company added.
ITPRO has yet to get a response to a request for comment from Scania.
Partner risks
Claroty’s Lintell noted that the breach highlighted the challenge of keeping corporate data safe when working with partners and suppliers.
“Scania’s recent data breach stemmed from third-party compromise, showing how easy it is for attackers to spread through vulnerabilities in external vendors,” said Lintell. “Once inside, attackers can gain unrestricted access to data within the wider network and cause operational disruptions.”
He added: “Though Scania’s operational impact has been limited, the breach will still have reputational impacts and potential financial losses through the leak of documents containing sensitive data.”
Lintell said companies in the automotive industry needed to step up their security to more proactive techniques to avoid becoming victims of such attacks.
“To mitigate against third-party attacks, organisations need to move beyond siloed security practices and adopt a unified, proactive approach to security. This means enforcing multi-factor authentication and improving visibility with advanced detection,” he said. “Just as critical is a well-drilled incident response plan to empower staff to act quickly and decisively. This is key for the automotive sector to drive resilience.”
Source link
