Securing the Engine of Innovation

In 2017, Mondelez, a global food and beverage corporation, fell victim to an assault utilising the encrypting malware NotPetya. The attack caused irreversible harm to 1,700 servers and 24,000 laptops, impacting production facilities worldwide.

Mondelez reported that the attack involved the theft of numerous user credentials, affecting the company's ability to fulfil customer orders.

Following the incident, Mondelez filed a lawsuit against its insurer, Zurich, over the insurer's refusal to honour an insurance claim. Zurich contended that the use of NotPetya constituted an act of war, not covered under the policy. Similarly, Merck initiated legal action against its insurance provider, seeking $1.3 billion in damages from a cyberattack.

The NotPetya assault also disrupted operations at Maersk, resulting in a $300 million loss, at FedEx, incurring a $400 million loss, and at Rosneft, a Russian oil giant.

According to reports to WIRED magazine, the White House estimated that NotPetya inflicted $10 billion in damages.

Cyberattack Type: Encrypting malware
Location: Global
Cost: $100 million

In 2017, Renault-Nissan faced a cyberattack involving the WannaCry ransomware, halting production at five plants across England, France, Slovenia, Romania, and India.

To contain the infection within the corporate environment, the company isolated the affected plants from its network.

The attack occurred on a Friday, and by the following Monday, the compromised plants had resumed normal operations. However, the company chose not to disclose the specifics of the attack.

WannaCry ransomware, which targeted Microsoft Windows, spread across 150 countries, infecting around 200,000 devices. In a single incident, WannaCry reportedly cost the UK's National Health Service £92 million.

Though global damage estimates for WannaCry vary, some speculate losses reached as high as $4 billion.

Cyberattack Type: Ransomware
Location: England, France, Slovenia, Romania, India
Cost: Undisclosed

Following a severe cyberattack involving the LockerGoga ransomware, Norsk Hydro, a multinational aluminium manufacturer operating in 40 countries, shuttered several of its plants and took others offline.

The attack compromised the company's IT systems across various business functions, including its smelting facilities in Norway, Qatar, and Brazil.

Although the precise method used by hackers to infiltrate the company's network and deploy the ransomware remains unclear, experts suggest they may have exploited credentials obtained from a previous phishing attack or purchased from the dark web.

Aside from Norsk Hydro, the LockerGoga assault also affected Altran, a French consulting firm, along with two US-based chemical manufacturing companies, Hexion and Momentive.

Cyberattack Type: Ransomware
Location: Norway, Qatar, Brazil
Cost: $75 million

In 2016, an attack targeted the accounting department of FACC AG, an Austrian aircraft component manufacturer, resulting in losses of at least $55.8 million.

The scam began with a whaling attack, where a cybercriminal sends an email posing as a senior executive from the targeted company. In this instance, the email appeared to originate from the company's CEO and requested an FACC employee to transfer funds for a fictitious acquisition.

Following the attack, FACC dismissed its CEO and CFO. Authorities in Hong Kong apprehended a Chinese national linked to a company that received around €4 million from FACC and was suspected of laundering the proceeds.

Although initial reports estimated losses at $55.8 million, subsequent updates raised the figure to $61 million. Ultimately, FACC filed a lawsuit against its former CEO and CFO, seeking $11 million for their alleged failure to safeguard the company from the attack.

Cyberattack Type: Whaling attack
Location: Austria
Cost: Between $55.8 and $61 million

Gary Min, a research chemist, admitted to unlawfully obtaining DuPont's intellectual property in 2007. After Min left the company in 2005, DuPont uncovered that he had downloaded approximately 22,000 abstracts from the company's digital library and accessed 16,706 documents.

The materials Min accessed were unrelated to his assigned research duties and expertise but encompassed DuPont's core technologies and products, including those in the research and development pipeline.

Upon discovering Min's illicit actions, DuPont alerted the FBI, which searched Min's residence. The FBI discovered DuPont documents stored on multiple computers. Upon the agents' arrival, a software deletion program was actively erasing data from one of Min's computers.

Furthermore, agents found shredded DuPont documents in garbage bags and remnants of these documents in a fireplace. Additional DuPont documents were found in a storage unit linked to an apartment.

Min was sentenced to 18 months in prison, fined $30,000, and ordered to pay $14,500 in restitution.

Cyberattack Type: Insider
Location: Delaware
Cost: $400+ million (fair market value of technology accessed)

While government, healthcare, and education sectors have become prime targets for hacking groups, cyber incidents are increasingly common across businesses of all sizes. A notable case occurred in 2020 at Advantech, a major IoT manufacturer.

The breach came to light when Advantech received a ransom demand for 750 bitcoins, valued at $14 million at the time. In exchange for the ransom, attackers pledged to delete stolen data and decrypt affected systems.

As for the extent of the data breach, the attackers claimed that the 3GB of data they published on their leak site represented only about two percent of the total data they possessed. Although Advantech did not confirm whether the ransom was paid, they mentioned being in the recovery process, with operations gradually returning to normal.

Cyberattack Type: Ransomware
Location: Taiwan
Cost: Undisclosed, but could be as high as $14M with Major business disruptions