In the last week of February 2022, Toyota halted its production in Japan due to a cyberattack targeted at its major supplier. Therefore, the corporation opted to close down its computer network to prevent customers from the attack.
The computer systems were disrupted in Kojima Industries Corporation, leading to production stoppage. Kojima Industries Corporation is a Japan-based supplier of electronic automobile components and a member of the Toyota Group
.Japan Government's Stance on the Cyberattack
Shortly after the incident, Japan's government officials verified and announced that Kojima Industries servers were hacked, and the company's website has not been working since then.
The cyberattack took place soon after Japan joined its Western allies to pressure Russia in response to the war in Ukraine. However, it is unclear whether the two incidents are connected.
Therefore, given the ongoing situation in Ukraine, the Japanese government is examining the network attacks and has issued a warning to businesses to intensify their cybersecurity. There was no information on who carried out the attack or what motivated them.
Furthermore, it has been speculated that these attacks will have a broad impact, not just on the automobile supply chains but the customers as well.
According to a second statement after rebooting the server, Kojima Industries Corporation confirmed that it had been infected with a virus and discovered a threatening message. However, the message was not disclosed to the public.
Other Similar Cyberattacks in Japan
In February only, GMB Corp, a lower-tier water pumps and other auto components manufacturer, said its system was also hacked, perhaps by ransomware. Therefore, it stopped its production. Moreover, it was unclear whether the company would resume its production soon or not.
In recent years, cyberattacks have become more widespread in Japan. Japanese businesses have been delinquent in updating their networks to prevent these increased ransomware attacks by cybercriminals. The attacks, which may hold computer networks and essential data hostage, have primarily targeted companies.
Toyota's Current Situation
Toyota's 14 domestic factories were shut down in Japan, affecting the manufacturing of 13,000 automobiles. The company announced that it would resume its production on the 3rd of March 2022, but it was delayed due to other unknown circumstances.
On the 23rd of March, Toyota announced the suspension of eight more assembly lines in Japan in response to the earthquake.
A total of 18 lines at 11 factories are currently shut. The complete production is expected to resume on the 30th of March.
Moreover, in March, Toyota planned temporary shutdowns at numerous factories in Japan due to semiconductors and other components shortages. This equipment shortage happened before the cyberattack and data breach at Kojima Industries.
After the COVID-19 pandemic caused havoc on global supply chains and shortfalls of semiconductors and other components, Toyota, like many other automakers, had to drastically reduce its output.
However, as the first waves of the pandemic departed and the global supply of automobiles surged, Toyota stated its optimistic plans to create 9.3 million vehicles worldwide by the 31st of March 2022.
However, rising demand for semiconductors and frequent infection outbreaks drove the business to scale back its projections to nine million in the beginning of 2022, then to eight and a half million in February 2022.
Despite such difficulties, Toyota has been able to better adapt to the pandemic's disruptions than its competitors, having topped the worldwide auto sales rankings for two years.
Possible Malware Causing Production Stoppages in Toyota
Emotet is a potent malware used to acquire access to a victim's device before installing other harmful software, such as banking password stealers or ransomware, which locks a system until an extortion fee is paid.
The Japan Computer Emergency Response Team/Coordination Center offers cybersecurity information. According to one of its reports, the use of Emotet for hacking has surged from the first week of February 2022.
It's unclear whether Emotet was found in the servers of the Kojima Industries, the Toyota supplier. There are no statements regarding early indications of a hack and whether Emotet should be blamed for the outage.
Risk of Cyberattacks on Electric Vehicles (EVs)
As much as the EV sector assists in reducing the automobile industry's overall environmental impact, there is also a growth in cybersecurity attacks in EVs, posing dangers to the end consumers. A cyberattack on an electric vehicle can be hazardous to the driver or other passengers present in the vehicle. For instance, if an electric vehicle is hacked, the attacker can turn off headlights, deactivate brakes, or oversteer, thus compromising passengers' safety. Therefore, cyber-attacks against electric vehicles can put a driver's life in danger.
Furthermore, highly trained attackers can use complex methods to reduce the power of an electric vehicle's battery by 50 percent, which normal human drivers will not detect. Privacy is also an issue, as 22.9 percent of all cyberattacks in 2019 were reported to be related to privacy. Unlawful contact or disclosure costs an average of $1.52 million, while unauthorized data gathering costs an average of $1.61 million.
In conclusion, a cyberattack in the automobile industry can spread throughout its connected systems. A minute security breach will have millions worth of impact on the company and its adjoining companies. It also poses a threat to the end consumers, leading to fatal accidents. Hence, it is essential to secure the devices and systems with cybersecurity.