Swedish trucking giant Scania has confirmed the hack of a third-party website leaked 34,000 files, but says the impact is so far "very limited."
Last week, a hacker claimed to have breached an insurance subdomain at Scania's website, claiming to have accessed and exfiltrated 34,000 files – which were then offered for sale on the dark web.
The website that was impacted is part of Scania Corporate Insurance services, and Scania told media that the site is operated by a third-party, adding that "current indications suggest the impact is very limited." The hacker reportedly attempted to extort the company and its employees before listing the data for sale online.
The attack comes amid a rise in ransomware, which could be worse if companies are quietly paying out without reporting such incidents. Manufacturing companies, including the automotive sector, are increasingly becoming victims, with Tata Technologies hit by a ransomware attack earlier this year that forced systems offline, and Toyota hit five times in two years.
"Criminals continue to target the automotive industry due to its profitability through the vast amounts of sensitive data it holds," said Andrew Lintell, General Manager for EMEA at Claroty.
What happened
The company told the BleepingComputer security site that the hackers used credentials stolen using malware to access the insurance claim documents at the end of May, and later emailed Scania employees with ransom demands under threat of leaking the data, before listing it for sale online.
"We can confirm there has been a security-related incident in the application "insurance.scania.com", the application is provided by an external IT partner," a Scania spokesperson said in a statement supplied to the publication. "On the 28th and 29th of May, a perpetrator used credentials for a legitimate external user to gain access to a system used for insurance purposes; our current assumption is that the credentials used by the perpetrator were leaked by a password stealer malware."
The statement added: "Using the compromised account, documents related to insurance claims were downloaded."
According to the statement, the extortion emails arrived the next day to "a number of Scanio employees" with threats to disclose the data. "A follow-up email with similar content came later from an unrelated third party whose email had been compromised," the company added.
A Scania spokesperson told ITPro: "The application was immediately shut down, and an investigation was initiated. Relevant authorities have been notified. Our current assessment is that the impact is very limited, the investigation is ongoing."
Partner risks
Claroty's Lintell noted that the breach highlighted the challenge of keeping corporate data safe when working with partners and suppliers.
"Scania's recent data breach stemmed from third-party compromise, showing how easy it is for attackers to spread through vulnerabilities in external vendors," said Lintell. "Once inside, attackers can gain unrestricted access to data within the wider network and cause operational disruptions."
He added: "Though Scania's operational impact has been limited, the breach will still have reputational impacts and potential financial losses through the leak of documents containing sensitive data."
Lintell said companies in the automotive industry needed to step up their security to more proactive techniques to avoid becoming victims of such attacks.
"To mitigate against third-party attacks, organisations need to move beyond siloed security practices and adopt a unified, proactive approach to security. This means enforcing multi-factor authentication and improving visibility with advanced detection," he said. "Just as critical is a well-drilled incident response plan to empower staff to act quickly and decisively. This is key for the automotive sector to drive resilience."
-
Tenable report shows that organizations are failing to configure storage effectively – and may have a false sense of securityNews Nearly one-in-ten publicly accessible cloud-storage buckets contain sensitive data, almost all of it highly private
-
‘It’s a hard problem you can never solve unless you know the future’John Colgrove explains his journey from selling hard disks to becoming an SSD pioneer
-
Capita tells pension provider to 'assume' nearly 500,000 customers' data stolenCapita told the pension provider to “work on the assumption” that data had been stolen
-
Gumtree site code made personal data of users and sellers publicly accessibleNews Anyone could scan the website's HTML code to reveal personal information belonging to users of the popular second-hand classified adverts website
-
Pizza chain exposed 100,000 employees' Social Security numbersNews Former and current staff at California Pizza Kitchen potentially burned by hackers
-
83% of critical infrastructure companies have experienced breaches in the last three yearsNews Survey finds security practices are weak if not non-existent in critical firms
-
Identity Automation launches credential breach monitoring serviceNews New monitoring solution adds to the firm’s flagship RapidIdentity platform
-
Neiman Marcus data breach hits 4.6 million customersNews The breach took place last year, but details have only now come to light
-
Indiana notifies 750,000 after COVID-19 tracing data accessedNews The state is following up to ensure no information was transferred to bad actors
-
Pearson fined $1 million for downplaying severity of 2018 breachNews The SEC found the London-based firm made “misleading statements and omissions” about the intrusion
