Recently there was a significant data breach in Toyota’s supply chain, which halted operations at 14 car manufacturing plants and caused an estimated shortfall of 13,000 vehicles. It is reported that plastics supplier Kojima Industries was the victim of the breach.
Dr Süleyman Özarslan, co-founder of Picus Security, a security business specialising in simulating the attacks of cybercriminal gangs, provides an overview of the Toyota incident.
Özarslan believes it is important that Kojima is a tier-1 partner of Toyota, suggesting that it may be directly connected to Toyota’s internal networks. This raises the issue that while big corporations may be adequately protected, the companies they partner with are not necessarily as secure.
Should a cybersecurity incident occur at a company within the supply chain, the consequences can be severe enough to bring down a major player.
This is central to Özarslan’s thesis: “It’s highly disconcerting that a cyberattack can pump the brakes on production at the world’s best-selling car maker. As with many of the largest cyber incidents in recent years, this was a supply chain breach.”
On the specific incident, Özarslan explains: “Toyota has suspended production due to a single breached partner, Kojima Industries, which underscores the impact of supply chain risks in such a complex and multi-faceted sector. Kojima Industries is a tier-1 supplier of Toyota, which may be a significant detail.”
Explaining this in more detail, Özarslan looks at how automobile manufacturing operates: “Because of Toyota’s just-in-time production methodology, tier-1 suppliers like Kojima may be directly connected to Toyota’s internal networks. Naturally, just-in-time production methodologies are more sensitive to cyberattacks. As such, and as a consequence of stories like this one, cyberattacks may play a vital role in shaping production methodologies in the near future.”
Özarslan also looks at the process of criminal activity, noting: “This incident also demonstrates the reach of modern cybercriminal gangs, who have the power and resources to hit the biggest organisations on the planet – whether directly or indirectly. It is precisely the kind of scenario security pros have been warning about for years. The financial and operational costs of such a delay are likely to run in the millions.”
Certainly, criminal activity is the most likely factor in the cyber-incident affecting the car giant. Özarslan probes the issue: “We don’t yet know the nature of this cyber incident, but big game ransomware gangs are known to target the manufacturing sector and organisations with a similar profile to Kojima. We’ve seen APT groups like Group 72 and Emissary Panda target manufacturing businesses in Asia in recent years. The Ranzy Locker ransomware gang also compromised several manufacturing, government, and technology businesses last year.”
The lesson to be drawn from this event, according to Özarslan, is that: “Factories will always remain a lucrative target for ransomware. Attackers know that manufacturing businesses cannot afford long periods of downtime, such is their importance in the global supply chain. Rightly or wrongly, they are assumed to have the funds required to pay a big ransom, and the inclination to do so as quickly as possible.”