What Caused The Ransomware Attack On Toyota? Experts Insight

By ISBuzz Team
Writer, Information Security Buzz | Mar 15, 2022 03:54 am PST

Toyota, the world’s largest carmaker, has halted production at all of its plants in Japan after a ransomware attack on a key supplier. This marks another major enterprise casualty as hackers continue to see rising success with ransomware attacks.

18 Expert Comments
Garret F. Grajek
March 15, 2022 11:54 am

Supplier attacks are real – and affect not just the supplier but the full chain of customers. Attackers and ransomware agents know this and extort accordingly. The attack on the Japanese supplier Denso follows a halt to Toyota production in February for a separate ransomware attack. Attackers are constantly scanning all our systems – both critical infrastructure, manufacturers and governments – especially the ransomware attackers. They see money in these vulnerable systems. Patching usually cannot address the vulnerabilities fast enough – thus the mitigation falls to new methodologies like zero trust and real-time identity governance to identify anomalous and suspicious identity behaviors.

Tom Garrubba, Senior Director and CISO
March 15, 2022 11:52 am

As this is the second of Toyota’s suppliers to be targeted by threat actors, perhaps it’s time for Toyota to reevaluate its once-lauded strategy and RESCUE (REinforce Supply Chain Under Emergency) supply chain database system – which identifies parts and vulnerability information of over 650,000 supplier sites – to perhaps consider evaluating third-party risk due diligence with respect to strong cyber hygiene.

For years, many manufacturers have focused on the availability of those products and services that feed into the outsourcer’s own end-product; however, the outsourcer often fails to assess key resilience controls such as security and recoverability of critical systems and processes that allow the product or service to be provided by the supplier. Failure to do so can bring about disruptions with often disastrous results to financial and reputational loss for both outsourcer and supplier.

Chuck Lewis, Senior Cyber Security Specialist
March 10, 2022 1:03 pm

Ransomware attacks might seem more likely to happen to smaller companies not prepared for cyber attacks. However, when a ransomware attack on a key supplier recently interrupted Toyota’s operations, it reminds us that even the largest companies can fall victim to attacks like these, directly or indirectly. While many businesses may choose to pay off the ransom in this situation, it is important to bear in mind that often not all data is restored even when a ransom is paid. A better approach is to focus on preventing ransomware attacks and minimizing their potential impact.

This attack, among many others, illustrates the importance of taking the necessary precautions, no matter how big or small the business. Training employees to recognize threats, regularly backing up data offline, and having a regularly updated cyber security plan in place are some of the steps that any business can take to lessen the risk of damage from a cyber attack.

Frances Zelazny, Co-Founder and CEO
March 10, 2022 1:00 pm

The Toyota breach is yet another casualty amid a surge of ransomware attacks in the past year. Any type of cyberattack can be highly detrimental to an organization’s success and can easily throw off production plans, as demonstrated by the shutdown of 14 Toyota plants in Japan. This not only has an impact on the company, but the greater auto supply chain ecosystem as well, which is already facing disruption.

It is important to consider how ransomware happens in the first place – either through stolen credentials or via phishing. Both these mechanisms point to the need for improved authentication mechanisms that ensure that people are who they claim to be when they access corporate networks. Device authentication, passwords and tokens are simply not enough. Today’s security posture should be based on zero trust, and strong identity management is at the core of that. 

This attack is further evidence that no organization is safe and greater attention to increased privacy and security is imperative.

Mark Sangster, Principal Evangelist and VP Industry Security Strategies
March 9, 2022 12:28 pm

Supply-chain risk continues to threaten businesses. The attacks on SolarWinds Orion (2020), Kaseya (2021) and the plethora of exploitations of vulnerabilities in Microsoft, Citrix, Cisco, etc. demonstrate that criminals know how to exploit supply chain and IT infrastructure as a key strategy in their cybercrime campaigns.

More broad supply chain attacks use age-old military tactics: attack the weakest point. Going after small(er) supply chain participants makes for a softer target and easier access to the larger players upstream in the ecosystem, as we’ve most recently seen in the case of Toyota and one of their key suppliers, Kojima Industries, who was hit by a ransomware attack. Coupled with Covid-caused supply shortages and just-in-time methods, disabling a key part of a supply chain can be extremely costly for the major player or anchor in the chain. (As a result, Toyota suspended operations of 28 lines at 14 plants in Japan.)

While attacks on IT infrastructure cause widespread effects, much like critical infrastructure, IT offers another advantage to criminals. Poisoning source code or using administrative tools to deliver malicious payloads reduces the risk of detection. Zero days are costly to develop. Targeting one company protects the criminal’s investment. And once the well is poisoned, criminals have access to the downstream customers and a large addressable market to target with their malware and likely ransomware attacks.

Companies that are prepared for such an eventuality tend to fare better. For example, fundamental security controls like multifactor authentication, least privilege policies, keeping systems patched and updated, and segmentation of factory floor (operational) and IT systems greatly increase the chance of detecting suspicious activity before it becomes business disrupting. That said, it’s always wise to prepare by developing and testing an incident response plan and keeping an incident response firm on retainer in case of a devastating attack; doing so can reduce downtime and lost revenue and can lead to quicker and less costly recovery times.
