OT Cyberattacks in Manufacturing: LockBit and the Production Shutdown Pattern
In February 2022, LockBit ransomware operators attacked Bridgestone Americas — one of the world's largest tyre manufacturers — forcing the company to shut down manufacturing across North America for over a week. The attack demonstrated a capability that OT security professionals had warned about for years: ransomware operators with the knowledge and tools to move from corporate IT into production OT environments, creating simultaneous disruption across both domains. For manufacturers, the Bridgestone attack is a template for the scenario they must prepare for.
LockBit's Bridgestone attack shut down North American tyre manufacturing for over a week — demonstrating that OT environments are no longer beyond ransomware's reach.
How the Bridgestone Attack Combined IT and OT Disruption
The Bridgestone attack followed the modern ransomware playbook: initial access through corporate IT (likely via phishing or stolen credentials), lateral movement across the corporate network, escalation to domain administrator privileges, and then movement across the IT-OT boundary into production systems. By encrypting both corporate IT and OT systems simultaneously, the attackers maximised the production disruption and the financial pressure to pay. The attack highlighted the inadequacy of perimeter-focused defences in manufacturing environments — once inside the corporate network, there was insufficient segmentation to prevent the attack from reaching production systems.
Defending Against the Bridgestone Attack Pattern
Defending against this attack pattern requires controls at each stage: preventing initial access (email security, phishing simulation, MFA on all remote access); detecting lateral movement (EDR on corporate endpoints with behaviour-based detection; network monitoring for unusual east-west traffic); preventing IT-OT crossover (robust IT-OT network segmentation with industrial firewalls and minimal permitted traffic between zones; jump servers with MFA and session recording for any OT access from IT networks); and ensuring recovery without ransom payment (tested offline backups of OT configurations, PLC programming, and historian data — not just IT systems). The combination of these controls does not prevent every attack — but it breaks the attack chain that enabled the Bridgestone incident.
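One way to check the "minimal permitted traffic between zones" control against flow logs, shown as an added example that is not from the original article. The address ranges, the jump server and historian addresses, and the flow records are all constructed assumptions.

```python
import ipaddress

net = ipaddress.ip_network
# Constructed zone layout (assumption): replace with your own addressing plan.
ZONES = {"it": net("10.10.0.0/16"), "ot": net("10.50.0.0/16")}
# The only conduits approved across the OT boundary: (source, destination, protocol, port).
ALLOWED_CONDUITS = [
    (net("10.10.99.5/32"), net("10.50.1.20/32"), "tcp", 3389),  # jump server -> OT eng. workstation
    (net("10.50.2.10/32"), net("10.10.20.30/32"), "tcp", 443),  # OT historian -> IT reporting replica
]

def zone_of(addr):
    """Return the zone name for an address, or 'external' if it is in no known zone."""
    ip = ipaddress.ip_address(addr)
    for name, network in ZONES.items():
        if ip in network:
            return name
    return "external"

def is_allowed(src, dst, proto, port):
    """True only if the flow matches an approved conduit exactly (hosts, protocol and port)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(s in a_src and d in a_dst and proto == a_proto and port == a_port
               for a_src, a_dst, a_proto, a_port in ALLOWED_CONDUITS)

def audit_flows(flows):
    """Return every flow that crosses the OT zone boundary without an approved conduit."""
    violations = []
    for src, dst, proto, port in flows:
        src_zone, dst_zone = zone_of(src), zone_of(dst)
        crosses_ot = src_zone != dst_zone and "ot" in (src_zone, dst_zone)
        if crosses_ot and not is_allowed(src, dst, proto, port):
            violations.append((src_zone, dst_zone, src, dst, proto, port))
    return violations

# Constructed sample flow records: (src, dst, protocol, destination port).
SAMPLE_FLOWS = [
    ("10.10.99.5", "10.50.1.20", "tcp", 3389),  # jump server to engineering workstation: approved
    ("10.10.4.17", "10.50.1.20", "tcp", 445),   # IT workstation straight to OT over SMB: violation
    ("10.10.4.17", "10.50.3.7", "tcp", 502),    # IT workstation to a PLC over Modbus/TCP: violation
    ("10.50.2.10", "10.10.20.30", "tcp", 443),  # historian push to IT replica: approved
    ("10.50.1.20", "10.50.3.7", "tcp", 502),    # traffic inside the OT zone: not a boundary crossing
    ("10.50.3.7", "203.0.113.9", "tcp", 443),   # OT device to an external address: violation
]

if __name__ == "__main__":
    for violation in audit_flows(SAMPLE_FLOWS):
        print("unapproved OT boundary crossing:", violation)
```

The same allowlist can be compared against the industrial firewall's rule export, so that the permitted conduits and the observed traffic are reviewed from one definition.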
Kyanite Blue specialises in cybersecurity for iGaming operators. MGA-licensed operators across Malta trust our stack.