Auto Parts Maker Nichirin Pwned By Ransomware

Japanese automotive hose maker Nichirin has been hit by a ransomware attack, forcing it to shut down its computerized production controls, as reported by Reuters:

“We are investigating what impact this may have on our customers, and we will promptly disclose any necessary information,” the company said.

Nichirin also posted a warning on its website about possible spoof emails that appeared to be from the company and asked recipients not to open any attached files.

Darren Williams, CEO of BlackFog, has offered some perspective on this:

“We continue to see threat actors targeting manufacturers in the automotive, infrastructure and government sectors. Cyber criminals continue to target organizations with older infrastructure, lack of investment in cyber security in terms of both product and personnel. These industries continue to outpace the rest of the market in terms of attacks. It should serve as a reminder that even the smallest contributors to the supply chain must do their part to defend against cyberattacks.”

Additionally, the UK has decided not to impose regulations on the cyber security profession after an 8-week consultation conducted by the Department for Digital, Culture, Media and Sport. The UK Cyber Security Council will its planned chartered standards, as the Government monitors its adoption. In response, an expert with GoodAccess has offered commentary.

Artur Kane, VP of Product at GoodAccess, also offers some perspective:

“According to Forbes, there are nearly 465,000 unfilled cyber jobs across the US. At the same time, the number of cyber-attacks has never been so high in history. While society becomes more digitized and wars move more often to the cybersecurity space, those nations who want to be relevant must support their digitalization notions with strong security legislation. The lack of unfilled jobs must be supported through investments in education, but without clear directives on what skills, roles and frameworks, graduates rarely leave school being fully prepared for their new jobs. Leaving much of the work on recruiting and requalifying employees on organizations and inherently slowing down the whole process and raising costs. Also, the diversity in approaches leads to varying quality and leaves some organizations more vulnerable. The UK’s Embedding Standards and Pathways Across the Cyber Profession by 2025 has the potential of filling those gaps. With the decision to postpone its enforcement the UK government heard the voices of organizations, which is a good thing in a democratic society, but on the other hand we’ve learnt in history that for big changes to make an impact, more swift adoption is required. With GDPR, being controversial, not ideally communicated and left quite big space for speculative understanding of some standards, we are now all thankful for this directive to exist. Yes, companies struggled at the beginning to adopt those standards, but by enforcing it and leaving a protective period when fines were waived, companies felt the urgency and acted swiftly towards full adoption. Postponing the enforcement of the Embedding Standards might be a generous thing but will inherently compromise the speed at which the UK solves one of the most crucial problems of a fully digital and globally competitive country.”

You can see how crippling an attack like this can be. Every company therefore needs to make sure that its defences are in tip-top shape and that it has the people required to fight this sort of battle if it has to, or make sure that it is in a position never to have to fight this sort of battle.
