Automotive: Ransomware Threats
The client is a fast-growing developer of vehicles, technology, and services with a 2.7 million square foot manufacturing plant of connected vehicles in the United States. The client operates a network of offices, test labs, experience centers, service centers, charging stations, and manufacturing facilities, all connected by thousands of employees.
The client has recently experienced explosive growth, and the expansion shows no signs of stopping anytime soon.
After an external attacker gained unauthorized access, the client's servers were infected with ransomware that took several hours to contain, costing the client a large sum of money and the loss of over 100GB of data.
To prevent further unauthorized access and information leaks, the client adopted AI EdgeLabs as a measure to detect, prevent, counteract, and remediate illicit or abnormal behavior in its Edge and IoT infrastructures.
AI EdgeLabs quickly discovered that the client lacked a cohesive infrastructure and a consistent approach to secure its Edge and IoT environments, with more connections and devices becoming entry points by the day. There was a complete misalignment between the Edge and IoT infrastructures, making the lack of visibility of managed and unmanaged devices a real and dangerous issue.
Because their growth took off in a matter of months, they had not initially felt the need to assess the security of their infrastructure and devices. Some facilities were more secure than others, but the overall picture was bleak, with many weak points open to exploitation.
After digging deep into the ransomware attack, we discovered that the attackers gained unauthorized access by infecting an unmanaged device through a malicious email containing a malicious URL.
While under attack, the client had significant difficulty blocking the network and had to switch to manual production and shipping, costing them thousands of dollars by the minute.
After a thorough evaluation, the client selected AI EdgeLabs as an additional layer of security for its complete corporate estate. AI EdgeLabs gives the IT security staff insight into network behavior that their existing security tooling had not provided.
AI EdgeLabs helps reduce their cyber attack surface with advanced network visibility, threat intelligence software for early threat detection, and automated incident and remediation protocols in real-time.
AI EdgeLabs: Advanced network visibility
Thanks to the AI EdgeLabs platform’s advanced network and device visibility, the client strengthened their environment and infrastructure instantly. With real-time snapshots and actionable insights about known and unknown threats, the client had access to accurate and comprehensive data on all connected assets across their facilities and devices, including laptops, computers, tablets, smartphones, and IoT devices.
“We have a bring-your-own-device policy, so it was imperative for AI EdgeLabs to ensure these potentially risky devices did not access our private network. Almost immediately, we realized that knowing how many devices there were in our environments was easy, even if it meant breaking them down into our company-owned devices and guest devices, as well as up-to-date reporting and forensics of anomalous behavior,” said the company’s Chief Information Security Officer.
By detecting the early signs of ransomware, such as the creation of new accounts with high privileges, the installation of unauthorized software, port scans originating inside the network, or a spike in device activity, AI EdgeLabs delivers real-time protection, incident response, and interruption of a threat before it results in downtime or operational disruption.
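As an added example (not part of AI EdgeLabs or the original case study), the following Python script applies those four early indicators to a constructed batch of endpoint log lines. The log format, the thresholds, the allowed-package list, the privileged group names and the internal address range are all assumptions made for the illustration; a real deployment would read these from its own telemetry and policy.

```python
"""Illustrative detector for four early ransomware indicators:
privileged account creation, unauthorized software installs,
internal port scans and per-host activity spikes.
Added example; not AI EdgeLabs code. Format and thresholds are assumed."""
import statistics
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumed policy (constructed for this example).
ALLOWED_PACKAGES = {"git", "vim"}
PRIVILEGED_GROUPS = {"wheel", "sudo", "admin"}
INTERNAL_NETS = [ip_network("10.0.0.0/8")]

# Constructed sample log, one event per line:
#   "<timestamp> <host> <event> key=value key=value ..."
SAMPLE_LINES = [
    "2024-05-01T08:00:01 plc-gw-01 useradd user=svc_backup groups=wheel",
    "2024-05-01T08:00:05 kiosk-07 pkg_install pkg=anydesk by=guest",
    "2024-05-01T08:00:09 eng-ws-03 pkg_install pkg=git by=alice",
    "2024-05-01T08:00:12 eng-ws-03 conn dst=10.20.0.5 dport=443",
    "2024-05-01T08:00:13 eng-ws-03 conn dst=10.20.0.5 dport=443",
    "2024-05-01T08:00:14 eng-ws-03 conn dst=203.0.113.7 dport=443",
    "2024-05-01T08:00:20 hr-ws-11 conn dst=10.20.0.9 dport=443",
    "2024-05-01T08:00:21 hr-ws-11 useradd user=jsmith groups=staff",
] + [
    # Twelve connections from one kiosk to distinct internal hosts on 445
    f"2024-05-01T08:01:{i:02d} kiosk-07 conn dst=10.20.0.{10 + i} dport=445"
    for i in range(12)
]


def parse_event(line):
    """Parse one log line into a dict; return None for malformed lines."""
    parts = line.split()
    if len(parts) < 3:
        return None
    event = {"ts": parts[0], "host": parts[1], "event": parts[2]}
    for kv in parts[3:]:
        if "=" in kv:
            key, _, value = kv.partition("=")
            event[key] = value
    return event


def is_internal(addr):
    """True when addr parses as an IP inside one of the assumed internal nets."""
    try:
        ip = ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in INTERNAL_NETS)


def detect_early_signs(lines, scan_threshold=10, spike_factor=3, min_events=10):
    """Return a list of (host, indicator, detail) alerts for the batch."""
    alerts = []
    events_per_host = defaultdict(int)   # for the activity-spike check
    scan_targets = defaultdict(set)      # host -> distinct internal (dst, port)
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        host = ev["host"]
        events_per_host[host] += 1
        if ev["event"] == "useradd":
            groups = set(ev.get("groups", "").split(","))
            if groups & PRIVILEGED_GROUPS:
                alerts.append((host, "privileged_account",
                               f"user={ev.get('user')} groups={ev.get('groups')}"))
        elif ev["event"] == "pkg_install":
            pkg = ev.get("pkg", "")
            if pkg not in ALLOWED_PACKAGES:
                alerts.append((host, "unauthorized_software",
                               f"pkg={pkg} by={ev.get('by')}"))
        elif ev["event"] == "conn" and is_internal(ev.get("dst", "")):
            scan_targets[host].add((ev["dst"], ev.get("dport")))
    # Internal port scan: many distinct internal destination/port pairs.
    for host, targets in scan_targets.items():
        if len(targets) >= scan_threshold:
            alerts.append((host, "internal_port_scan",
                           f"{len(targets)} distinct internal dst/port pairs"))
    # Activity spike: a host far above the median event count of the batch.
    if events_per_host:
        baseline = statistics.median(events_per_host.values())
        for host, count in events_per_host.items():
            if count >= min_events and count >= spike_factor * baseline:
                alerts.append((host, "activity_spike",
                               f"{count} events vs median {baseline:g}"))
    return alerts


if __name__ == "__main__":
    for host, sign, detail in detect_early_signs(SAMPLE_LINES):
        print(f"{host:10} {sign:22} {detail}")
```

Run as a script, the sample flags the gateway's new `wheel` account, the kiosk's unauthorized remote-access package, the kiosk's horizontal scan of the internal network and the kiosk's activity spike; the workstation's ordinary traffic and `git` install raise nothing. The spike check uses the batch median as its baseline, which is only sensible when the batch contains enough ordinary hosts; a production detector would compare against each host's own history instead.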
Benefits of AI EdgeLabs for the Automotive industry
With the implementation of AI EdgeLabs’ automation for network and device security, we:
- Identify suspicious devices and disable them automatically and immediately.
- Collect monitoring and reporting data from suspicious devices for deeper analysis.
- Halt account access for all suspicious devices.
- Kill infected device connections by updating access control lists with smart firewalling.
- Discontinue irregular or blacklisted processes on critical devices with automated incident response protocols.
- Improve security posture, network threat detection, and malware detection.
- Address the new and emerging concerns of their rapidly growing asset infrastructure.
- Stop device attacks before they have the chance to cause harm.
- Alert the network and security teams with real-time information about threats and attacks.
- Set up a distributed defense infrastructure that is easy to scale.