Former General Motors CISO Rich Armour said the dark web has been quiet on the attack so far.
Toyota Motor said it will suspend domestic factory operations on the first of March. According to Reuters, despite potentially losing around 13,000 cars of output, the shutdown was necessary after a supplier of plastic parts and electronic components was hit by a suspected cyber-attack.
Reuters also reported Japanese auto parts supplier GMB Corp recorded unauthorised access to a server on Feb. 27, the day after one of Toyota Motor Corp’s suppliers reported a cyberattack that halted one of the automaker’s domestic factories.
GMB said in a statement that the unauthorised access appeared to be ransomware and it is working with police and other relevant companies to counter the issue.
Rich Armour, former General Motors CISO and advisor at Nozomi Networks, said, “The dark web has been quiet on this attack so far.”
Armour stated it was possible that the Russian Government, or one of its cybercriminal organisations, was behind the attack, but it looks more like a typical ransomware or other play against a target of opportunity.
“Bridgestone was also hit with a cyber-induced outage over the weekend which raises the possibility of a coordinated attack on the industry. Right now, it’s too early to tell if the two are related,” he said.
Armour noted that cybersecurity has been an ongoing challenge in the global automotive supply chain. Most major automotive original equipment manufacturers have tens of thousands of suppliers ranging in size from Fortune 500 businesses to small family-owned enterprises, so the quality and coverage of cybersecurity controls has been inconsistent at best.
“While I was the CISO at General Motors, we led an initiative through the Automotive Industry Action Group to develop and issue industry standard cybersecurity contract requirements for suppliers. Adoption has improved but still needs to be strengthened,” said Armour.
Danielle Jablanski, OT Security Strategist at Nozomi Networks, believes the incident highlights a single point of failure for business interruption resulting in a loss of production.
“It is also an example of a major cyber risk for ‘just-in-time’ manufacturing. Toyota has thwarted direct attacks in the past, but the difficulty in securing entire supply chains from multiple vendors is a wider and more daunting task,” he said. “Supply chain attacks are on the mind of the Federal Government, think tanks, and standards bodies looking for ways to address things like open-source software after the SolarWinds attack, and device vulnerabilities throughout the manufacturing industry.”
Jablanski noted that at the same time, the number of suppliers for some critical hardware components across manufacturing continues to decrease.
“There is no easy fix to this complexity, and we will likely continue to see similar incidents,” he said.
Chris Grove, product director at Nozomi Networks, said this shutdown of a third of Toyota’s global production should serve as a stark reminder of the complexities of supply chains, how interdependent these systems are, and the dangers criminals pose to society when they detonate malware in targeted systems.
“Ransomware operators may believe they’re hitting an isolated, insignificant victim, but the reality is they don’t really know, or understand, the ecosystem they’re impacting. Today, it’s an automobile manufacturer’s production lines, tomorrow it’s a hospital, dam, or other interconnected entity,” he said.