Cybersecurity and the Auto Industry
The auto manufacturing industry maintains a mass amount of intellectual property. This is based on legacy systems and models, along with current models. A gold mine within this realm are the models being designed and the new technologies in the vehicles presently and planned for the future. This not only includes the electrical engineering, but also everything associated with the autonomous drive vehicles. This concept has been in process for well over a decade. An attacker breaching a system and exfiltrating code, which had taken over a decade to get to a workable level, has a rather significant value. The well-used, with positive results for the attacker, ransomware attack also would be a good fit for this scenario.
With any attack vector with a reasonable potential for a breach, an auto manufacturer certainly is a viable target. An attack in early 2019 certainly exemplified.
Toyota Australia is an OEM located in Australia. As with the other vehicle manufacturers, there is a wealth of data to exfiltrate or leverage for the attacker’s gain. The business was targeted and attacked in February 2019.
The attack began on February 20, 2019. With this attack, as with many others, the details are scant. This could have been a great learning activity, especially since the defenses held, apparently. The attacker’s focus was on the email system. This was not operating for at least three days. This crippled their communication, internal and external. Fortunately, the dealer network was not affected. With this attack, since it was not successful, it would have been useful to know at least a portion of the details. If this were to be a successful attack, one could understand why the details would not be made public until the issue was remediated.
As the email system was being attacked, this mode of communication was not operational. The employees had to use other means to communicate with each other. While this was required in order to conduct business, the other methods and means may have had vulnerabilities and inherent, systemic risks. This includes having no control or monitoring over any confidential data leaving the business. This also was being sent through a third party. The IT Department worked through the attack. At one point, they simply sent the staff home. The business also contracted with cybersecurity experts from around the globe to help with the issue.
As noted, the email system was down for a few days. While a significant detriment, this was not critical. Toyota Australia released a statement noting, in part, they believe after their investigation, the private employee or customer data had not been accessed, which is a good thing. The IT Department was working diligently to have the affected systems operational ASAP.
Bites, C. (2019, February 21). Toyota Australia confirms cyber attack. Retrieved from https://www.itsecurityguru.org/2019/02/21/toyota-australia-confirms-cyber-attack/
Charlwood, S. (2019, February 21). Toyota Australia rocked by cyber attack. Retrieved from https://www.motoring.com.au/toyota-austrailia-rocked-by-cyber-attack-117076/
Duckett, C. (2019, February 21). Toyota Australia confirms ‘attempted cyber attack’. Retrieved from https://www.zdnet.com/article/toyota-australia-confirms-attempted-cyber-attack/
Moore, J. (2019, February 21). Toyota Australia confirms cyber attack. Retrieved from https://www.informationsecuritybuzz.com/expert-comments/toyota-australia-confirms-cyber-attack/
SBS News. (2019, February 21). Toyota Australia embroiled in cyber threat. Retrieved from https://www.sbs.com.au/news/toyota-austraila-embroiled-in-cyber-attack
Tan, A. (2019, February 21). Toyota Australia under cyber attack. Retrieved from https://www.computerweekly.com/news/25248-86/Toyota-Australia-under-cyber-attack
Toyota. (2019, February 21). Toyota Australia statement re attempted cyber attack. Retrieved from https://www.toyota.com.au/news/toyota-australia-statement-re-attempted-cyber-attack
About the Author - Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries.