CVSS3: 10 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CVSS2: 9.3 High
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

On Friday, Bridgestone Corp. admitted that a subsidiary experienced a ransomware attack in February, prompting it to shut down the computer network and production at its factories in North and Middle America for about a week, said Reuters.
Among other things, Bridgestone is a major supplier of tires for Toyota vehicles. This is notable because, only 11 days after Bridgestone’s attack, another Toyota supplier – Denso Corp. – fell victim to its own ransomware attack.
Manufacturers like Toyota, already hampered by supply chain shortages, are proving to be particularly attractive targets for ransomware groups.
Late last month, within hours of Japan having joined Western allies in blocking some Russian banks from accessing the SWIFT international payment system and committing to giving Ukraine $100 million in emergency aid, a spokesperson at Toyota supplier Kojima Industries Corp. said that it had apparently been hit by “some kind of cyber attack,” causing Toyota to shut down about a third of the company’s global production.
Bridgestone was apparently cyberattacked at or around the same time.
The company told Threatpost that Bridgestone Americas detected “a serious IT security incident” on Feb. 27. “Since then, we have proactively notified federal law enforcement and are staying in communication with them,” according to its statement.
The company said that it’s also “working around the clock” with external security advisors to determine the scope and nature of the incident, which its investigation determined was a ransomware attack, albeit not a targeted one.
“Unfortunately, ransomware attacks similar to this one are increasing in sophistication and affecting thousands of organizations of all sizes,” Bridgestone said.
Shortly after midnight on Feb. 28, a workers’ union at a Bridgestone plant in Warren County, Tennessee posted on Facebook about “a potential information security incident,” discovered “in the early morning hours” the day prior.
“Out of an abundance of caution, we disconnected many of our manufacturing and retreading facilities in Latin America and North America from our network to contain and prevent any potential impact,” the post continued. “First shift operations were shut down, so those employees were sent home.”
The impact was felt in cities far and wide. Even days after the fact, plants stayed down and workers stayed home. Bridgestone Americas only resumed normal operations “about a week” in, according to Reuters.
Bridgestone said that the threat actor followed “a pattern of behavior common to attacks of this type by removing information from a limited number of Bridgestone systems and threatening to make this information public.”
Indeed, the Lockbit ransomware group claimed the attack for themselves.
According to multiple sources, the group gave the company a window to pay up before they’d release the data and added a countdown timer for dramatic effect.
Toyota’s next supply chain attack was less dramatic, relatively speaking. On March 10, Denso – formerly of Toyota, now a breakaway supplier of technology and parts – discovered that “its group company in Germany network was illegally accessed by a third party,” according to a company statement. “DENSO promptly cut off the network connection of devices that received unauthorized access and confirmed that there is no impact on other DENSO facilities. Details are under investigation, there is no interruption to production activities.”
Dark Web intelligence group DarkTracer tweeted that a different group – Pandora – was responsible in this case.
> DENSO was listed on the victim list by ROOK in December 2021 and Pandora ransomware gang in March 2022. pic.twitter.com/tFcRP0iSx3
>
> — DarkTracer : DarkWeb Criminal Intelligence (@darktracer_int) March 15, 2022
The global supply chain has enabled manufacturers to be incredibly efficient in their day-to-day operations. When supplies roll in on a consistent and reliable schedule, plants can perform “just-in-time” production, minimizing inventory costs and time wasted. (Toyota is actually credited with inventing this operating philosophy.)
However, COVID-19 demonstrated the risks in just-in-time production, and ransomware is proving it again. When a perfectly choreographed dance of suppliers, workers, schedules and processes is interrupted by an IT shutdown – and there’s not much inventory to fall back on, on top of that – the consequences are felt more quickly and more severely than they otherwise would be.
“With ransomware attacks hitting major suppliers and companies like Bridgestone and Toyota, now is the time for enterprises to prioritize their cyber asset management strategy,” Keith Neilson of CloudSphere told Threatpost via email. “Organizations need to have a clear understanding of their entire cyber asset inventory and security coverage gaps for existing security controls to work.
“Organizations should start by discovering all cyber assets in their IT environment,” he continued, “understanding connections between business services, and enforcing strict security guardrails.” With a full picture of IT infrastructure and security controls, plant managers can design failsafes for when the worst-case scenario occurs.
Perhaps, in the future, manufacturers will be as efficient in their ransomware responses as they are in their day-to-day operations.