On Friday, Bridgestone Corp. admitted that a subsidiary experienced a ransomware attack in February, prompting it to shut down the computer network and production at its factories in North and Middle America for about a week, said Reuters.
Among other things, Bridgestone is a major supplier of tires for Toyota vehicles. This is notable because, only 11 days after Bridgestone’s attack, another Toyota supplier – Denso Corp. – fell victim to its own ransomware attack.
Manufacturers like Toyota, already hampered by supply chain shortages, are proving to be particularly attractive targets for ransomware groups.
Late last month, within hours of Japan having joined Western allies in blocking some Russian banks from accessing the SWIFT international payment system and committing to giving Ukraine $100 million in emergency aid, a spokesperson at Toyota supplier Kojima Industries Corp. said that it had apparently been hit by “some kind of cyber attack,” causing Toyota to shut down about a third of the company’s global production.
Three Suppliers Pegged
Bridgestone was apparently cyberattacked at or around the same time.
The company told Threatpost that Bridgestone Americas detected “a serious IT security incident” on Feb. 27. “Since then, we have proactively notified federal law enforcement and are staying in communication with them,” according to its statement.
The company said that it’s also “working around the clock” with external security advisors to determine the scope and nature of the incident, which its investigation determined was a ransomware attack, albeit not a targeted one.
“Unfortunately, ransomware attacks similar to this one are increasing in sophistication and affecting thousands of organizations of all sizes,” Bridgestone said.
Shortly after midnight on Feb. 28, a workers’ union at a Bridgestone plant in Warren County, Tennessee posted on Facebook about “a potential information security incident,” discovered “in the early morning hours” the day prior.
“Out of an abundance of caution, we disconnected many of our manufacturing and retreading facilities in Latin America and North America from our network to contain and prevent any potential impact,” the post continued. “First shift operations were shut down, so those employees were sent home.”
The impact was felt in cities far and wide. Even days after the fact, plants stayed down and workers stayed home. Bridgestone America only resumed normal operations “about a week” in, according to Reuters.
Bridgestone said that the threat actor followed “a pattern of behavior common to attacks of this type by removing information from a limited number of Bridgestone systems and threatening to make this information public.”
LockBit Claimed Attack
Indeed, the Lockbit ransomware group claimed the attack for themselves.
According to multiple sources, the group gave the company a window to pay up before they’d release the data and added a countdown timer for dramatic effect.
Toyota’s next supply chain attack was less dramatic, relatively speaking. On March 10, Denso – formerly of Toyota, now a breakaway supplier of technology and parts – discovered that “its group company in Germany network was illegally accessed by a third party,” according to a company statement. “DENSO promptly cut off the network connection of devices that received unauthorized access and confirmed that there is no impact on other DENSO facilities. Details are under investigation, there is no interruption to production activities.”
Dark Web intelligence group DarkTracer tweeted that a different group – Pandora – was responsible in this case.
DENSO was listed on the victim list by ROOK in December 2021 and Pandora ransomware gang in March 2022. pic.twitter.com/tFcRP0iSx3
— DarkTracer : DarkWeb Criminal Intelligence (@darktracer_int) March 15, 2022
Manufacturers Are Easy Marks
The global supply chain has enabled manufacturers to be incredibly efficient in their day-to-day operations. When supplies roll in on a consistent and reliable schedule, plants can perform “just-in-time” production, minimizing inventory costs and time wasted. (Toyota is actually credited with inventing this operating philosophy.)
However, COVID-19 demonstrated the risks in just-in-time production, and ransomware is proving it again. When a perfectly choreographed dance of suppliers, workers, schedules and processes is interrupted by an IT shutdown – and there’s not much inventory to fall back on, on top of that – the consequences are felt more quickly and more severely than they otherwise would be.
“With ransomware attacks hitting major suppliers and companies like Bridgestone and Toyota, now is the time for enterprises to prioritize their cyber asset management strategy,” Keith Neilson of CloudSphere told Threatpost via email. “Organizations need to have a clear understanding of their entire cyber asset inventory and security coverage gaps for existing security controls to work.
“Organizations should start by discovering all cyber assets in their IT environment,” he continued, “understanding connections between business services, and enforcing strict security guardrails.” With a full picture of IT infrastructure and security controls, plant managers can design failsafes for when the worst-case scenario occurs.
Perhaps, in the future, manufacturers will be as efficient in their ransomware responses as they are in their day-to-day operations.
Moving to the cloud? Discover emerging cloud-security threats along with solid advice for how to defend your assets with our FREE downloadable eBook, “Cloud Security: The Forecast for 2022.” We explore organizations’ top risks and challenges, best practices for defense, and advice for security success in such a dynamic computing environment, including handy checklists.