Cyberattack disrupts services at crane manufacturer Palfinger

Palfinger, an Austrian firm that makes cranes and other machinery, said Monday that an “ongoing global cyberattack” had disrupted the company’s ability to process orders and shipments of its equipment.

Email services across the company were down in an incident that was causing “massive effects on its IT infrastructure,” Palfinger said in a statement greeting visitors to its website.

The possible suspects, the malicious software used and the possible length of the recovery process all remained unclear at the time of publication.

Palfinger has much at stake in keeping the IT supporting its logistics functioning. The company has 33 manufacturing and assembly sites in Asia, Europe and North and South America, according to its website, and reported more than $2 billion in revenue in 2019.

“In the manufacturing business, time is money, so the disruption of Palfinger’s IT services, as well as order processing and shipment delays, translates to lost revenue,” said Andrea Carcano, co-founder of industrial cybersecurity firm Nozomi Networks.

A series of ransomware attacks have hit manufacturers in recent years, exposing the sector’s struggles to secure factories that are increasingly digital. In response, U.S. manufacturers are taking more steps to secure their supply chains through a federal program run by the National Institute of Technology and Standards.

While there is no evidence that the industrial computer networks that support Palfinger’s manufacturing process have been compromised, the issue is a broader concern in the industry. Two years ago, researchers at security vendor Trend Micro showed how vulnerabilities in radio frequency protocols used by remote controllers could allow hackers to move cranes and other big machinery at construction sites and factories.