On Friday, Bridgestone Corp. admitted that a subsidiary experienced a ransomware attack in February, prompting it to shut down the computer network and production at its factories in North and Middle America for about a week, said Reuters.
Bridgestone is a major supplier of tires for Toyota vehicles. This is notable because, only 11 days after Bridgestone’s attack, another Toyota supplier, Denso Corp., fell victim to its ransomware attack.
Manufacturers like Toyota, already hampered by supply chain shortages, are proving to be attractive targets for ransomware groups.
Late last month, within hours of Japan having joined Western allies in blocking some Russian banks from accessing the SWIFT international payment system and committing to give Ukraine $100 million in emergency aid, a spokesperson at Toyota supplier Kojima Industries Corp. said that it’s hit by “some kind of cyberattack,” causing Toyota to shut down about a third of the company’s global production.
Three Suppliers Pegged
Bridgestone was cyber-attacked at or around the same time.
The company said that Bridgestone Americas detected “a serious IT security incident” on Feb. 27. “Since then, we have proactively notified federal law enforcement and are staying in communication with them,” according to its statement.
The company said that it’s also “working around the clock” with external security advisors to determine the scope and nature of the incident, which its investigation determined was a ransomware attack, albeit not a targeted one.
“Unfortunately, ransomware attacks similar to this one are increasing in sophistication and affecting thousands of organizations of all sizes,” Bridgestone said.
Shortly after midnight on Feb. 28, a workers’ union at a Bridgestone plant in Warren County, Tennessee posted on Facebook about “a potential information security incident,” discovered “in the early morning hours” the day prior.
“Out of an abundance of caution, we disconnected many of our manufacturing and retreading facilities in Latin America and North America from our network to contain and prevent any potential impact,” the post continued. “First shift operations were shut down, so those employees were sent home.”
Cities far and wide felt the impact. Even days after the fact, plants stayed down, and workers stayed home. Bridgestone America only resumed normal operations “about a week” in, according to Reuters.
Bridgestone said that the threat actor followed “a pattern of behavior common to attacks of this type by removing information from a limited number of Bridgestone systems and threatening to make this information public.”
LockBit Claimed Attack
Indeed, the LockBit ransomware group claimed the attack for themselves.
According to multiple sources, the group gave the company a window to pay up before they’d release the data and added a countdown timer for dramatic effect.
Toyota’s next supply chain attack was less dramatic, relatively speaking. On March 10, Denso, formerly of Toyota, now a breakaway supplier of technology and parts, discovered that “its group company in Germany network was illegally accessed by a third party,” according to a company statement. “DENSO promptly cut off the network connection of devices that received unauthorized access and confirmed that there is no impact on other DENSO facilities. Details are under investigation, there is no interruption to production activities.”
Dark Web intelligence group DarkTracer tweeted that a different group, Pandora, was responsible in this case.
Manufacturers Are Easy Marks
The global supply chain has enabled manufacturers to be incredibly efficient in their day-to-day operations. When supplies roll in on a consistent and reliable schedule, plants can perform “just-in-time” production, minimizing inventory costs and time wasted. (Toyota invented this operating philosophy.)
However, COVID-19 demonstrated the risks in just-in-time production, and ransomware is proving it again. When a perfectly choreographed dance of suppliers, workers, schedules, and processes gets interrupted by an IT shutdown, and there’s not much inventory to fall back on, the consequences felt quick and severe than they otherwise would be.
“With ransomware attacks hitting major suppliers and companies like Bridgestone and Toyota, now is the time for enterprises to prioritize their cyber asset management strategy,” Keith Neilson of CloudSphere said. “Organizations need to have a clear understanding of their entire cyber asset inventory and security coverage gaps for existing security controls to work.”
“Organizations should start by discovering all cyber assets in their IT environment,” he continued, “understanding connections between business services, and enforcing strict security guardrails.” With a full picture of IT infrastructure and security controls, plant managers can design failsafe for when the worst-case scenario occurs.
Perhaps, in the future, manufacturers will be as efficient in their ransomware responses as they are in their day-to-day operations.