Cloud Vulnerable
Can our dependence on the cloud put critical parts of our economy at risk?
In cricket, a batsman can hit a bowler a hundred times; the bowler, on the other hand, has to get through the defences only once.
The same is true for hackers. Your system can keep them out a hundred times, but they need to get through only once.
On the 31st of August this year, the IT infrastructure of Jaguar Land Rover (JLR) was attacked. The company had to stop production by the 1st of September, and production did not resume till last week. A group calling itself Scattered Lapsus$ Hunters claimed responsibility for the attack on Telegram. This suggested collaboration between Scattered Spider, Lapsus$ and ShinyHunters, three English-speaking cybercrime groups.
Now, JLR is not a small company. With a turnover of close to £30 billion, it is amongst the larger companies in the UK. It contributes about 0.6% of the UK GDP and produces close to 500,000 vehicles every year. The company has close to 700 direct suppliers within the UK alone. The £30 billion cascades into several other entities and creates a hundred thousand jobs in the UK.
As the systems at JLR froze, the orders that would normally have gone out stopped going out. They just could not place the orders with their systems down! The whiplash was such that the UK government stepped in and promised a line of credit of £1.5 billion to JLR, just to keep the suppliers alive.
The government will underwrite a £1.5bn loan guarantee to Jaguar Land Rover (JLR) in a bid to support its suppliers as a cyber-attack continues to halt production at the car maker.
[…]
About 30,000 people are directly employed at the company’s UK plants with about 100,000 working for firms in the supply chain. Some of these firms supply parts exclusively to JLR, while others sell components to other carmakers as well.
[…]
The government will underwrite the loan through the Export Development Guarantee (EDG), a financial support mechanism aimed at helping UK companies who sell overseas.
The loan will be paid back by JLR over five years, in an effort to boost the firm’s cash reserves as it makes a “backlog of payments” to its suppliers.
Source: BBC
So how did this all happen?
The HELLCAT ransomware group claimed responsibility for a major data breach against Jaguar Land Rover (JLR), in which gigabytes of sensitive information were leaked, including proprietary documents, source code, and employee and partner data. The attack, attributed to a threat actor known as “Rey” [identified by breach tracking platforms as an active member of HELLCAT] on a dark forum, on March 10, 2025, posted roughly 700 internal JLR documents that were compromised. The breach was enabled through stolen Jira credentials harvested via Infostealer malware, a known hallmark of HELLCAT’s operations. The exposed data includes development logs, tracking information, source code, and a large employee dataset with usernames, email addresses, display names, and time zones. The presence of verified employee information from JLR’s global workforce raises significant concerns about identity theft and targeted phishing campaigns.
Source: Cyfirma
Jira is a popular ticket management software developed by a company called Atlassian, which is an Australian startup success story. Using a Jira credential, the hackers found a way in and downloaded several internal documents. They sat pretty with access to the system, which the company was unaware of. When the time was right, they released the malware. Think of Jira as the complaint register. Someone handling the complaint register let their credentials slip out.
There are larger companies than JLR in the UK. Take Shell, which is the largest company. They pump oil in places that are miles away from the UK. If Shell's operations were to stop for a reason such as this, it would not put as many jobs in jeopardy in the UK as JLR's stoppage did.
Cyberattacks are growing more and more sophisticated, and they are also being used as a means to engage in warfare with another country. It is not like cybersecurity is not being taken seriously, but your security is only as strong as your weakest link. When you have 30,000 people working in an organisation, you only need one of them to slip up with something as inane as Jira for your entire operations to grind to a halt.
Going back to where I started. Companies need to protect themselves from 10,000 instances every day. The hacker needs to get through once.
While the cloud has proved to be incredibly helpful from the perspective of scaling systems, it also remains the greatest source of threats.
This is not just for large companies to worry about. A couple of weeks ago, a nursery school was hacked in London, and the attackers threatened to release the details of the children on the internet.
Trillions of market cap sit in companies that have been built on the cloud. Will this lead to a re-evaluation amongst the larger companies?