According to CCTV finance reports, on March 1, Japan’s Toyota Motor company decided to stop the operation of all factories in Japan due to the “ransomware” attack on parts suppliers. Although Toyota has announced that production will resume on March 2, the shutdown has affected the normal production schedule of 28 production lines at 14 plants, involving about 13,000 vehicles.
Shortly after the attack, Toyota’s subsidiary, Japan Denso Co., Ltd., suffered a suspected ransomware attack in which hackers obtained a large amount of internal information. If the incident is confirmed, it would mean that Toyota’s supply chain has suffered another cyber attack in the space of just two weeks.
In addition to the Denso extortion, Toyota suffered at least four cyber attacks between 2019 and 2022 alone. The industrial network environment is increasingly complex, and incidents like Toyota’s are not the first to occur. A 2021 report by cybersecurity rating agency Black Kite revealed that 50 percent of the 100 automakers it surveyed and more than 17 percent of automotive suppliers were at high risk of ransomware attacks.
Information security faces many challenges
As digital transformation accelerates across industries around the world, the value of data has become more prominent and data theft has become the main purpose of cyber attacks. The network security environment faced by the industrial sector is increasingly complex.
According to the “2021 Industrial Information Security Situation Report” (hereinafter referred to as the “Report”) released by the National Industrial Information Security Development Research Center, the national industrial information security index was 53.7 in 2021, at the “medium risk” level; the industrial information security situation was generally stable, and no major security incidents occurred. The national industrial information security index rose slightly for four consecutive quarters, with an overall increase of 7.5%.
The report pointed out that the threat of foreign attacks against our country continues to increase. In 2021, the National Industry and Information Security Center completed the deployment of the national industrial control system threat trapping network, which captured more than 6 million malicious acts such as scanning detection and information reading from 105 countries and regions abroad.
China’s industrial control security vulnerability situation remains grim. In 2021, CICSVD newly included 1504 industrial information security vulnerabilities, of which 1464 were general vulnerabilities and 40 were event-type vulnerabilities, and the share of high-risk vulnerabilities remains high.
Among the vulnerabilities newly included in 2021, 964 were rated high risk or above, including 210 super dangerous vulnerabilities and 754 high-risk vulnerabilities, together accounting for 64.1%.
The newly included vulnerabilities in 2021 involve 220 industrial control brand products, an increase of 35% over 2020. From the perspective of the affected product types, there are 64 subcategories in 10 categories, of which industrial software, SCADA, and configuration software rank the top three.
Driven by high profits and high returns, traditional network threats such as ransomware, APT attacks, and data leaks continue to spread to the industrial field, and new attack modes such as extortion attacks continue to emerge, seriously affecting the production and business operations of industrial enterprises. Some enterprises are even unwilling to connect their equipment to external networks, because network security issues at the enterprise would affect normal production.
The WannaCry ransomware, “well-known” in the industry, caused internationally known automobile companies to stop production. WannaCry spread to more than 150 countries and regions, causing economic losses of more than 8 billion US dollars; more than 230,000 computers were infected, and more than 300,000 users were affected.
There is also “Industroyer”, malware that specifically attacks electric power industrial control systems. In 2016, hackers used the Industroyer malware to attack a substation in Ukraine, causing a brief interruption of power supplies in Kiev and other regions and posing a serious threat to the safe operation of infrastructure such as the power grid.
In recent years, network security incidents have emerged in an endless stream, and a series of new attack methods have become more mature, and many industrial fields such as metallurgy, energy, electricity, natural gas, communications, transportation, and pharmaceuticals have been continuously attacked.
On March 10, Anonymous claimed to have hacked the German arm of Russian energy giant Rosneft and stolen 20 terabytes of data. On March 17, Transneft, an oil pipeline giant controlled by the Russian state, said it had also been hacked, resulting in a leak of 79GB of data.
Once a security incident occurs, it will cause not only equipment failure, system breakdown, and production stagnation, but also security accidents, with unpredictable impact.