The auto manufacturing industry maintains a mass amount of
intellectual property. This is based on legacy systems and models, along with
current models. A gold mine within this realm are the models being designed and
the new technologies in the vehicles presently and planned for the future. This
not only includes electrical engineering but also everything associated with autonomous drive vehicles. This concept has been in process for well over a
decade. An attacker breaching a system and exfiltrating code, which had taken
over a decade to get to a workable level, has a rather significant value. The
well-used, with positive results for the attacker, ransomware attack also would
be a good fit for this scenario.
With any attack vector with a reasonable potential for a
breach, an auto manufacturer certainly is a viable target. An attack in early 2019
certainly exemplified.
Target
Toyota Australia is an OEM located in Australia. As with the
other vehicle manufacturers, there is a wealth of data to exfiltrate or
leverage for the attacker’s gain. The business was targeted and attacked in
February 2019.
Methodology
The attack began on February 20, 2019. With this attack, as
with many others, the details are scant. This could have been a great learning
activity, especially since the defenses held, apparently. The attacker’s focus
was on the email system. This was not operating for at least three days. This
crippled their communication, internal and external. Fortunately, the dealer
network was not affected.
With this attack, since it was not successful, it would have
been useful to know at least a portion of the details. If this were to be a
successful attack, one could understand why the details would not be made public
until the issue was remediated.
Action
As the email system was being attacked, this mode of
communication was not operational. The employees had to use other means to
communicate with each other. While this was required in order to conduct
business, the other methods and means may have had vulnerabilities and
inherent, systemic risks. This includes having no control or monitoring over
any confidential data leaving the business. This also was being sent through a
third party.
The IT Department worked through the attack. At one point,
they simply sent the staff home. The business also contracted with
cybersecurity experts from around the globe to help with the issue.
Results
As noted, the email system was down for a few days. While a
significant detriment, this was not critical. Toyota Australia released a
statement noting, in part, they believe after their investigation, the private employee
or customer data had not been accessed, which is a good thing. The IT Department
was working diligently to have the affected systems operational ASAP.
Resources
Bites, C. (2019, February 21). Toyota Australia confirms
cyber attack. Retrieved from https://www.itsecurityguru.org/2019/02/21/toyota-australia-confirms-cyber-attack/
Charlwood, S. (2019, February 21). Toyota Australia rocked
by cyber attack. Retrieved from https://www.motoring.com.au/toyota-austrailia-rocked-by-cyber-attack-117076/
Duckett, C. (2019, February 21). Toyota Australia confirms ‘attempted
cyber attack’. Retrieved from https://www.zdnet.com/article/toyota-australia-confirms-attempted-cyber-attack/
Moore, J. (2019, February 21). Toyota Australia confirms
cyber attack. Retrieved from https://www.informationsecuritybuzz.com/expert-comments/toyota-australia-confirms-cyber-attack/
SBS News. (2019, February 21). Toyota Australia embroiled in
cyber threat. Retrieved from https://www.sbs.com.au/news/toyota-austraila-embroiled-in-cyber-attack
Tan, A. (2019, February 21). Toyota Australia under cyber
attack. Retrieved from https://www.computerweekly.com/news/25248-86/Toyota-Australia-under-cyber-attack
Toyota. (2019, February 21). Toyota Australia statement re
attempted cyber attack. Retrieved from https://www.toyota.com.au/news/toyota-australia-statement-re-attempted-cyber-attack
No comments:
Post a Comment