US Bridgestone Tyres Hit by Ransomware – affects Toyota Supply Chain!

US Bridgestone Tyres Hit by Ransomware – affects Toyota Supply Chain!

A ransomware attack affected Bridgestone Americas, weeks after another Toyota supplier experienced the this too, & a 3rd reported some sort of cyber hit.

Last Fri., Bridgestone Corp. admitted that a subsidiary experienced a ransomware attack in Feb., causing it to shut down the computer network & production at its factories in North & Middle America for about a week, said Reuters.

Toyota Vehicles

Bridgestone is a major supplier of tyres for Toyota vehicles. This is relevant because, only 11 days after Bridgestone’s attack, another Toyota supplier – Denso Corp. – fell victim to its own ransomware attack.

Manufacturers like Toyota, already hampered by supply chain shortages, are proving to be particularly attractive targets for ransomware groups.

Late last month, within hours of Japan having joined Western allies in blocking some Russian banks from accessing the SWIFT international payment system, & committing to giving Ukraine $100m in emergency aid, a spokesperson at Toyota supplier Kojima Industries Corp. outlined that it had apparently been hit by “some kind of cyber-attack,” causing Toyota to shut down about a 3rd of the company’s global production.

3 Suppliers

Bridgestone was apparently cyber-attacked at or around the same time.

The company revealed that Bridgestone Americas detected “a serious IT security incident” on Feb. 27. “Since then, we have proactively notified federal law enforcement & are staying in communication with them,” according to its statement.

The company explained that it’s also “working around the clock” with external security advisors to determine the scope & nature of the incident, which its investigation determined was a ransomware attack, but not a targeted one.

“Unfortunately, ransomware attacks similar to this one are increasing in sophistication & affecting 1,000s of organisations of all sizes,” Bridgestone stated.

Tennessee 

Just after midnight on Feb. 28, a workers’ union at a Bridgestone plant in Warren County, Tennessee posted on Facebook about “a potential information security incident,” discovered “in the early morning hours” the day before.

“Out of an abundance of caution, we disconnected many of our manufacturing and re-treading facilities in Latin America & North America from our network to contain & prevent any potential impact,” the post continued. “1st shift operations were shut down, so those employees were sent home.”

Pattern of Behaviour

The effect was felt in cities far & wide. Even days later, plants stayed shut & workers stayed home. Bridgestone America only resumed normal operations “about a week” in, according to Reuters.

Bridgestone observed that the threat player followed “a pattern of behaviour common to attacks of this type by removing information from a limited number of Bridgestone systems & threatening to make this information public.”

‘Lock Bit’ Claimed Attack

The ‘Lock Bit’ ransomware group claimed the attack.

According to multiple sources, the group gave the company a window to pay up before they’d release the data & added a countdown timer for dramatic effect.

Toyota’s next supply chain attack was less dramatic. On Mar. 10, Denso – formerly of Toyota, now a breakaway supplier of technology & parts – discovered that “its group company in Germany network was illegally accessed by a 3rd party,” according to a company statement.

“DENSO promptly cut off the network connection of devices that received unauthorised access & confirmed that there is no impact on other DENSO facilities. Details are under investigation, there is no interruption to production activities.”

Dark Web intelligence group Dark Tracer tweeted that a different group – Pandora – was responsible this time.

Manufacturers

The global supply chain has enabled manufacturers to be really efficient in their day-to-day operations.

When supplies arrive on a consistent & reliable schedule, plants can perform “just-in-time” production, minimising inventory costs & time wasted. (Toyota is credited with inventing this philosophy.)

However, COVID-19 demonstrated the risks in just-in-time production, & ransomware is proving it again. When a perfectly arrangement of suppliers, workers, schedules & processes is interrupted by an IT shutdown & there’s not much inventory to fall back on – the consequences are felt more quickly & more severely than otherwise.

Management Strategy

“With ransomware attacks hitting major suppliers and companies like Bridgestone & Toyota, now is the time for enterprises to prioritise their cyber asset management strategy,” Keith Neilson of Cloud Sphere explained.

“Organisations need to have a clear understanding of their entire cyber asset inventory & security coverage gaps for existing security controls to work.”

Strict Security

“Organisations should start by discovering all cyber assets in their IT environment,” he continued, “understanding connections between business services, and enforcing strict security guardrails.” With a full picture of IT infrastructure and security controls, plant managers can design fail-safes for when the worst-case scenario occurs.

Perhaps, in the future, manufacturers will be as efficient in their ransomware responses as they are in their day-to-day operations.

 

SHARE ARTICLE