What was potentially a cyberattack hit one of Toyota’s parts suppliers, causing the company to move to shut down about a third of the company’s global production tomorrow, the company announced on Monday.
Toyota doesn’t know how long the 14 plants will be unplugged. The closure will mean that the company’s output will shrink by around 13,000 cars.
Reuters reported that within hours of Japan having joined Western allies in blocking some Russian banks from accessing the SWIFT international payment system and committing to giving Ukraine $100 million in emergency aid, a spokesperson at Toyota supplier Kojima Industries Corp. said that it had apparently been hit by “some kind of cyber attack.”
Kojima supplies plastic parts and electronic components to Toyota.
The attack hasn’t been confirmed. Toyota, for its part, is calling the incident a “supplier system failure,” according to Reuters. The shutdown will also reportedly affect some of the plants operated by Toyota affiliates Hino Motors and Daihatsu.
Threatpost has reached out to Toyota for comment.
If the incident does turn out to be a cyberattack, it wouldn’t be the first to affect Toyota. In 2020, its Australian subsidiary confirmed that it was under attack – an attack that forced it to send employees home.
Cleanup wasn’t pretty. The subsidiary’s IT infrastructure manager, Michael Mirabito, said at a 2021 conference that it was “painful” to rebuild its IT helpdesk systems and configuration management database (CMDB).
The giant automaker uses Just-in-Time (JiT) manufacturing, Reuters pointed out. That means that it doesn’t stockpile parts sent by suppliers. Rather, Toyota makes cars one at a time, eschewing the stockpiling of parts and instead using supplier-provided parts in its production line as soon as they arrive.
The Weak Spot of Securing Supply Chains
It’s an approach that has its downsides, experts said. As it is, supply chains have already been disrupted by the pandemic.
Danielle Jablanski, operational technology (OT) security strategist at OT and IoT security provider Nozomi Networks, told Threatpost on Monday that the incident highlights “a single point of failure for business interruption resulting in a loss of production.”
It’s also an example of “a major cyber risk for ‘Just-In-Time’ manufacturing,” Jablanski asserted. “Toyota has thwarted direct attacks in the past, but the difficulty in securing entire supply chains from multiple vendors is a wider and more daunting task,” Jablanski said. “Here in the United States, supply-chain attacks are on the mind of the federal government, think tanks and standards bodies looking for ways to address things like open-source software after the SolarWinds attack, and device vulnerabilities throughout the manufacturing industry.”
The notorious SolarWinds supply-chain attacks entailed adversaries (likely nation-state-backed) that injected malicious code into normal software updates for the Orion network-management platform. This installed the Sunburst/Solorigate backdoor inside the platform, which the attackers were subsequently able to take advantage of in targeted attacks on the U.S. Departments of Treasury and Commerce, DHS, FireEye and others around the world.
Jablanski said more supply-chain attacks are sure to come, given the shrinking of the supplier pool: “We see the number of suppliers for some critical hardware components across manufacturing continue to decrease,” she said. “There is no easy fix to this complexity, and we will likely continue to see similar incidents.”
Moving to the cloud? Discover emerging cloud-security threats along with solid advice for how to defend your assets with our FREE downloadable eBook, “Cloud Security: The Forecast for 2022.” We explore organizations’ top risks and challenges, best practices for defense, and advice for security success in such a dynamic computing environment, including handy checklists.
