Apollo Vredestein used outdated and insecure software. The Financieele Dagblad (FD) published this yesterday. Last month, a malware attack temporarily shut down the tire manufacturer's production systems.
In addition to production systems, there were also problems with e-mail and order fulfillment. The company itself did not reveal how the cybercriminals managed to gain access to the systems.
According to the FD, the tire manufacturer used, among other things, a 15-year-old version of the program CesarFTP. This version contains several known vulnerabilities. The company's mail server also runs on dated software. The version found appears to contain eighteen known security vulnerabilities.
"Based on publicly available information, it can be seen that software intended for antiquated and insecure Windows versions was also running on these servers," said Mischa van Geelen, cybersecurity consultant at NFIR. Apollo Vredestein told the FD that it was aware of the vulnerable FTP and mail servers, but that they were not connected to the rest of the network.
