Two weeks after Toyota Motor Corp. was forced to halt manufacturing at its plants in Japan following an attack on supplier Kojima Industries Corp., another Toyota supplier has been targeted in a cyberattack.
The latest attack involved Denso Corp., a global automotive manufacturer based in Japan that is also 25% owned by Toyota. The Pandora ransomware gang has claimed responsibility and said it has stolen 1.4 TB of data belonging to Toyota, NHK reports. The data stolen is believed to include trade secrets, including over 157,000 purchase orders / invoices, emails and parts diagrams.
Denso described the attack in a statement as illegal access to a subsidiary in Germany on March 10. The company cut off the network connection of affected devices and confirmed there was no impact on other Denso facilities. The attack is under investigation, authorities have been informed and the company is working with specialized cyber security agencies to deal with the situation.
While Pandora has claimed responsibility for the attack, it is not certain that ransomware was used or whether it was just straight data theft with a ransom demanded not to release the stolen data. This was the same with the attack on Kojima Industries and several recent attacks; pure data theft and extortion is an emerging trend among some criminal enterprises previously known for ransomware attacks alone.
Also notable is that Denso would have been linked to Toyota’s kanban just-in-time production control system. It could simply be a coincidence, but that platform connects all of Toyota’s suppliers and is a common link between the victims.
“As this is the second of Toyota’s suppliers to be targeted by threat actors, perhaps it’s time for Toyota to reevaluate its once lauded strategy and RESCUE (REinforce Supply Chain Under Emergency) supply chain database system – which identifies parts and vulnerability information of over 650,000 supplier sites, ”Tom Garrubba, vice president of risk management company Shared Assessments LLC, told SiliconANGLE. “Perhaps Toyota should consider evaluating third-party risk due diligence with respect for strong cyber hygiene.”
“For years, many manufacturers have focused on the availability of those products and services that feed into the outsourcer’s own end-product,” Garrubha explained, “however, the outsourcer often fails to assess key resilience controls such as security and recoverability of critical systems and processes that allow the product or service to be provided by the supplier. ”
Chris Clements, vice president of solutions architecture at IT service management company Cerberus Cyber Sentinel Corp. noted that “this attack highlights how important it is that all of an organization’s business units are equally prepared to fend off a cyberattack.”
“Cybercriminals will always exploit the weakest link, and in today’s interconnected networks can do significant damage by compromising even a small business unit,” Clements added. “It’s no longer enough for businesses to solely focus on their ability to prevent or recover from a ransomware attack as attackers now routinely steal mass amounts of data as part of their operations.”
“Data theft is in some ways more insidious than traditional ransomware as once the information stolen there is no way to verify that the attacker will actually delete the information instead of attempting to resell it on the dark web or simply release it publicly,” Clemments concluded .