Update: Toyota to Resume Ops After Cyberattack ScareJapan Ministry, National Police Agency Probe Incident
Toyota Motor Corp., one of Japan's largest car manufacturers, on Monday reportedly said was suspending its operations on Tuesday following a suspected cyberattack on Kojima Industries, a manufacturing partner of Toyota. According to a report from media agency Nikkei Asia, the operation suspension affected two of Toyota's subsidiaries: Hino Motors and Daihatsu Motor Corp.
While the severity of the cyberattack was unknown on Monday, Toyota confirmed on Tuesday that it will resume operations from Wednesday.
"Due to a system failure at a domestic supplier – Kojima Industries Corporation - we suspended our operations on all 28 lines at 14 domestic plants in Japan today, Tuesday, March 1. However, we have decided to resume all operations from the first shift tomorrow, Wednesday, March 2," the company says.
Nikkei Asia says the cyberattack took place at Toyota's manufacturing partner Kojima Industries Corp., whose website and plant, at the time of writing, appear to be offline. It is not known whether the website was taken offline by the company itself to contain or investigate the attack or was affected during the cyberattack.
According to preliminary investigation reports, Nikkei says that Kojima's parts supply management system has been affected, which means that Toyota must suspend its 28 lines across 14 manufacturing plants in Japan.
News agency Reuters says that the suspension of services from Toyota and its subsidiaries will affect the manufacturing of around 13,000 cars - its daily output. But Nikkei states that the number stands at 10,000, which is 5% of Toyota's monthly output in Japan.
Nikkei confirmed the cyberattack, citing an official at Kojima who reportedly told the media agency, "It is true that we have been hit by some kind of cyberattack. We are still confirming the damage and we are hurrying to respond, with the top priority of resuming Toyota's production system as soon as possible."
Kojima Industries Corp. has not yet responded to Information Security Media Group's request for a comment on the reported cyberattack.
Retaliation for Sanctions?
The cyberattack has come to light just a day after Japanese Prime Minister Fumio Kishida condemned the attack by Russia on its neighbor Ukraine. But a connection between the two events has not been established.
Japan declares firm support for the sovereignty and territorial integrity of Ukraine and stands together with the citizens of Ukraine who are doing their utmost in taking actions to defend their homeland and their families.https://t.co/jcdbbESD5B https://t.co/atyTiJWfTc— 岸田文雄 (@kishida230) February 28, 2022
In a press release published yesterday, the Japanese prime minister announced further sanctions, including export controls and an asset freeze on Russia's financial institutions as well as on top government officials, including Russian President Putin himself. It has also extended its support to ban Russia from the SWIFT international payment system.
The Society for Worldwide Interbank Financial Telecommunication - SWIFT - is a global payments system used by more than 11,000 financial institutions and companies across over 200 countries. It allows smooth and rapid transfer of money across borders.
The Japanese prime minister has already sanctioned loans worth $100 million for Ukraine. Japan will now provide another $100 million worth of emergency humanitarian assistance to Ukrainian people facing hardships amid the grueling war taking place, Kishida says.
The cyberattacks could be a repercussion of Japan’s stand against Russia, which has already been accused of cyberattacks aimed at Ukraine (see: Russia-Ukraine Updates: Cybersecurity News Amid Conflict). But Kishida says he does not want to blame Russia before thoroughly investigating the incident. "It is difficult to say whether this has anything to do with Russia before making thorough checks," he was quoted telling reporters in a press brief, according to Reuters.
Kishida said the government would investigate the incident and seek to identify whether there was any Russian involvement.
Hirokazu Matsuno, Japan's chief cabinet secretary, in a press conference on Tuesday confirmed that it was aware of the Toyota cyberattack. "We understand that the cause is a cyberattack but for more information you'll have to wait as the investigation is still going on," Matsuno says.
He also briefed the media that the Ministry of Economy, Trade and Industry - or METI - and the National Police Agency of Japan were coordinating with the victim company and investigating the incident further.
On Russia's possible involvement in the attack, Matsuno says, "I would like to refrain from giving a response based on speculation." But Matsuno adds that with the ongoing Russia-Ukraine conflict, the government believes cyber risks such as ransomware and DDoS attacks are at an all-time high and that Japanese companies, especially the industrial sector, should be alert.
Matsuno also says that companies, as well as their vendors and third-party suppliers, along with the tools they use, can be targeted. This can have a crippling effect on the entire supply chain, Matsuno says, citing as evidence the Toyota incident.
Be Ready for More Such Incidents
Danielle Jablanski, an OT security strategist at Nozomi Networks, tells ISMG that the incident highlights a single point of failure for business interruption resulting in a loss of production. "Toyota has thwarted direct attacks in the past, but the difficulty in securing entire supply chains from multiple vendors is a wider and more daunting task," says Jablanski, who also notes the attack is an example of the cyber risk for "just-in-time" manufacturing businesses as well.
She says: "Supply chain attacks are on the mind of governments, think tanks and standards bodies looking for ways to address things like open-source software after the SolarWinds attack and device vulnerabilities throughout the manufacturing industry. At the same time, we see the number of suppliers for some critical hardware components across manufacturing continue to decrease. There is no easy fix to this complexity, and we will likely continue to see similar incidents."
In his press conference, Matsuno also says that METI had, last week, advised companies in the country to ramp up countermeasures against cyberattacks amid geopolitical tensions surrounding Ukraine.
Update: March 1, 7.45 am EST: This story has been updated to include updates from Toyota Motor Corp. on resumption of operations; excerpts from a press conference with Hirokazu Matsuno, Japan's chief cabinet secretary; and comments from Danielle Jablanski, an OT security strategist at Nozomi Networks.