Toyota ransomware attack shows that businesses need a cyber re-think


Toyota, the world’s largest carmaker, has halted production at all of its plants in Japan after a ransomware attack on a key supplier. This marks another major enterprise casualty as hackers continue to see rising success with ransomware attacks.

Jamie Moles, Senior Technical Manager at ExtraHop, made the following comment:

“Even the largest organisations like Toyota can and are falling victim to cyberattacks – but what does this mean for businesses with smaller security budgets?

There are a few things businesses can do to avoid such a fate. Continuous monitoring of the network for the use of insecure protocols is one example. This will flag suspicious behaviour, for example, if known devices are introduced or reintroduced as new devices each time they appear online, or SMB data staging. Both represent behaviour often associated with cybercrime.

Also, having complete transparency in the supply chain will allow for immediate detection and isolation of the infected area. The attack on Toyota’s parts supplier Kojima, and Toyota’s reliance on a ‘Just-in-time’ supply chain for its parts, forced 28 lines at 14 different plants to be suspended, detrimentally affecting the whole supply chain system. Having a quick response will allow identification of where the threat actor entered so developers can mitigate risk and, if possible, patch vulnerable code.

Realistically, it’s not possible to stop every single attack. Preventing criminals from entering the network is still important, but IT security needs a plan for when an attack or intrusion does happen to catch determined threats as quickly as possible before too much damage is done. Ensuring good protocol, network segmentation, and behavioural monitoring of the environment is essential for organisations to help protect themselves.”