As one of the world’s largest auto manufacturers, Toyota Motor Corp. has a mixed supply chain to support its enterprise operations with over 300 suppliers.
Over the years, Toyota has combined some of its suppliers into its procedures but still kept multiple third-party vendors under contract. That indicates that, like many other organizations with complicated supply chains, Toyota has to rely on the quality and strength of its supplier’s cyber security systems.
With today’s interconnected networks, cybercriminals are increasingly efficient in identifying the weakest link in a supply chain, knowing that the biggest damage can come from compromising the smallest business unit.
But finding these threats isn’t an easy task.
The threat actors are now offering VPN access to what he describes as “a company [that] specializes in the sale and maintenance of Kia, Mazda, Mitsubishi, Toyota, and Lexus vehicles.” Although he doesn’t say the company’s name, which is a familiar move by hackers on such forums, the post clarifies that if this business is breached, it will affect Kia, Mazda, Mitsubishi, and Toyota.
The recent cyberattacks against Toyota’s suppliers
Lately, two Toyota suppliers were hit by cyber-attacks two weeks apart, resulting in a total halt to the company’s production.
One of the attacks targeted Kojima Industries Corp., an automotive parts plant, and the other hit Denso Corp., a global automotive factory.